Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://golowaki.ru/award?keyword=surah+al+an+am+urdu+translation+pdf

  • https://lazezareb.weebly.com/uploads/1/3/4/3/134311903/gerifunazo_kidoridar.pdf
  • https://bivufinemena.weebly.com/uploads/1/3/1/3/131380184/8821330.pdf
  • https://tidemipevu.weebly.com/uploads/1/3/0/7/130740592/35f8da12c2.pdf
  • http://vizilirudigub.getenjoyment.net/black_skins_white_masks_analysis.pdf
  • https://dinidoleto.weebly.com/uploads/1/3/0/9/130969871/88217.pdf
  • https://pofofeteb.weebly.com/uploads/1/3/2/6/132681268/7564052.pdf
  • http://zixaxagewan.mypressonline.com/82127810450.pdf
  • http://vofufime.mypressonline.com/vodijawozumesapifutod.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://200c4c3d-185b-4246-b99f-f40cd7065c99.filesusr.com/ugd/3ed902_1d53b2e73fcf4d5a87881247b7b212e1.pdf?index=true
  • https://s3.amazonaws.com/mufukep/70757117316.pdf
  • https://19527f6f-7821-4b33-8e58-d909ab9a203f.filesusr.com/ugd/b18fc6_e55023d216204d97b5840b56eaffb882.pdf?index=true
  • https://369206df-e466-4f8f-9771-850d1edb33c5.filesusr.com/ugd/8fd5dc_4ee6a19a15d84422aaa18cd574b3f977.pdf?index=true
  • https://uploads.strikinglycdn.com/files/fe8ff17c-9957-49b2-bd1c-a5f126b0ce11/imagine_john_lennon_easy_piano_sheet_music_free.pdf
  • https://8c4778c4-ed17-4cf1-86f9-5448e21c5c15.filesusr.com/ugd/6da380_0c038e01abde4e8b9b5dcbcefb212393.pdf?index=true
  • https://a1d1c4ac-cf1d-4c58-861c-45d1188f4b60.filesusr.com/ugd/052f3a_8446d91a49c5402792a475829661290f.pdf?index=true
  • http://lododaz.rf.gd/melhores_poemas_cecilia_meireles.pdf
  • http://ravexigulot.rf.gd/how_to_fix_kirby_vacuum.pdf
  • https://s3.amazonaws.com/xazarujokemus/blue_cross_provider_manual_california.pdf
  • http://ditaxaj.rf.gd/biodegradable_packaging_materials_for_food.pdf
  • https://uploads.strikinglycdn.com/files/100b6664-9281-4ffd-bab6-cf854bbd623e/90084948375.pdf
  • http://vunonam.atwebpages.com/69732314605.pdf
  • http://zovibeviniga.myartsonline.com/2020_audi_a8_owners_manual.pdf
  • http://betiravel.epizy.com/google_spreadsheet_app_for_mac.pdf
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.