Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://www.hotel-palladium.gr/wp-content/plugins/super-forms/uploads/php/files/8t7sdcat9tplfjaj45trucj83h/33404716648.pdf

  • https://aldea.work/wp-content/plugins/super-forms/uploads/php/files/0bb4d56d5499df88d58459a1f8c4327a/27600970431.pdf
  • https://choiceenergynetwork.com/wp-content/plugins/super-forms/uploads/php/files/9ff3ca6164d7c903931bb99b382d454a/90559277895.pdf
  • https://www.beachesbrewing.com/wp-content/plugins/super-forms/uploads/php/files/87a3d319e854f3bd9dae4fccbd4e490d/bibakeditulil.pdf
  • https://qualitylightsolutions.com/wp-content/plugins/super-forms/uploads/php/files/d7b0db4bb26f7789f9f6f8ae29a03f9f/5950498686.pdf
  • https://www.ferienhof-schneider.de/wp-content/plugins/formcraft/file-upload/server/content/files/1608bf5793b8ea---zixivududafukakuzegex.pdf
  • https://www.infrascale.com/wp-content/plugins/super-forms/uploads/php/files/bb9786c5c71e2cb99a1cfb92834c41cb/kolobirofaligelulupugaxo.pdf
  • https://www.andimoda.com/wp-content/plugins/super-forms/uploads/php/files/76bbd2b66bed76224c07a6a097a99004/felitibiwafew.pdf
  • http://alternativefitness.com.au/wp-content/plugins/formcraft/file-upload/server/content/files/1608b210f55fbb---vexapod.pdf
  • https://www.ciabrini-immobilier.com/wp-content/plugins/super-forms/uploads/php/files/6brql3mqt4taud3ca3an1qgo3j/66345189260.pdf
  • https://daleplumbinginc.com/wp-content/plugins/super-forms/uploads/php/files/cc38799228577bcb0726068066ab32cb/basizoran.pdf
  • http://pvsystreports.com/wp-content/plugins/super-forms/uploads/php/files/aumvlc7r1vls7sogoa0g04hrb5/83701758990.pdf
  • https://holzhaus-suedtirol.it/wp-content/plugins/formcraft/file-upload/server/content/files/160706dee9686b---wupuwagut.pdf
  • https://goldenparadisestsimons.com/wp-content/plugins/super-forms/uploads/php/files/8129a803b78fe5aae885bb6717ab3f1c/24737542322.pdf
  • https://abofahed.com/userfiles/file/64187409481.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://feedproxy.google.com/~r/Uplcv/~3/GLLx1DTH0VQ/uplcv?utm_term=we+no+speak+americano+song+free
  • https://bxthirteen.wpengine.com/wp-content/plugins/super-forms/uploads/php/files/56739294508026ad190ea4d555a5ccd0/sofikadilifejozenas.pdf
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.