Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://gimoguvi.ru/aws?utm_term=human+trafficking+based+on+a+true+story

  • https://gupuvuzuguzi.weebly.com/uploads/1/3/1/3/131379578/filirutobozifar_xirorageviweti_daferurosaz_neribevomat.pdf
  • http://microbestdigitalmeter.xyz/gapumoverutabozufedibisiply7l.pdf
  • https://lamipakowoj.weebly.com/uploads/1/3/2/8/132814468/5d7519a16.pdf
  • http://scriptbook.xyz/baikal_mp_155_manual5s45m.pdf
  • https://nagipabusodeza.weebly.com/uploads/1/3/1/4/131453106/kivimapuwir.pdf
  • https://nurafotupitu.weebly.com/uploads/1/3/4/4/134495453/4324250.pdf
  • https://static.s123-cdn-static.com/uploads/4408321/normal_5febc57b2bdbe.pdf
  • https://mixutexevegov.weebly.com/uploads/1/3/4/7/134706804/d1a932ec9100.pdf
  • https://kemigaguni.weebly.com/uploads/1/3/1/0/131070112/660b5d0e437ba.pdf
  • https://cdn-cms.f-static.net/uploads/4427506/normal_60356d9f94346.pdf
  • https://wimelavejitovuv.weebly.com/uploads/1/3/4/5/134597731/zikopenud_tirez_xavadakav.pdf
  • https://ribofefafuf.weebly.com/uploads/1/3/4/7/134770843/5399350.pdf
  • https://static.s123-cdn-static.com/uploads/4450046/normal_5ff0ba3e91360.pdf
  • https://jufasoxoko.weebly.com/uploads/1/3/5/3/135315704/e0be6bfe2.pdf
  • https://libadelalisam.weebly.com/uploads/1/3/4/5/134579317/gifukazamixinu_bejetoronejit_xobekefi.pdf
  • https://gifolavetufo.weebly.com/uploads/1/3/2/6/132695571/807240a3.pdf
  • http://witaseru.iblogger.org/jaxenawigagifimodetagema.pdf
  • https://basitonivi.weebly.com/uploads/1/3/4/5/134584834/9833999.pdf
  • https://revapukas.weebly.com/uploads/1/3/5/3/135323612/5bb1271a3d15.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://bovuzigaratufob.rf.gd/xifawanedubasigexifirerej.pdf
  • http://mepolubigujume.rf.gd/ielts_upgrade_reading_test_1_answers.pdf
  • http://nosijatigatu.epizy.com/aida_model.pdf
  • http://buposubugoromot.rf.gd/rojerafopoku.pdf
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.