Malicious PDF — malware analysis report

Static analysis result for SHA-256 d36b7f83aece4c07…

MALICIOUS

PDF

Size: 58.6 KB
Created: 2021-04-03 23:20:42 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 4a120dd33fc72677c0b8bafdc1cdea83
SHA-1: ceb5ec8f14af8e013457b49293570764c6009923
SHA-256: d36b7f83aece4c07612bd09ccaf8edb7a11ebb1fca563a2de8a47776b606718e
Risk Score: 174

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document is identified as malicious by ClamAV and an ML classifier, and exhibits the characteristics of a phishing lure. The PDF_IMAGE_LURE heuristic indicates that it is an image-only document designed to trick users into clicking an embedded URI. The PDF also contains a large number of external links, suggesting a link farm used for SEO or to distribute malicious content. The primary malicious URL identified is https://jottigo.ru/award?keyword=adaptive+optics+in+ground+based+telescopes+pdf.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9085

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE)
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 58 KB. This is the typical shape of a phishing lure in which a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://jottigo.ru/award?keyword=adaptive+optics+in+ground+based+telescopes+pdf