Malicious PDF — malware analysis report

Heuristics 3

• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://niagaranaturalfertility.ca/uploads/1/3/0/3/130323311/6096996.pdf In PDF document text

  • https://gasejivezanolow.weebly.com/uploads/1/3/0/2/130288559/vovuki-nexiwatirasufaj-xanovamuda.pdfIn PDF document text
  • http://lax.safeautokzn.ru/uploads/2020/01/27/305495.pdfIn PDF document text
  • http://lachen.weebly.com/uploads/1/3/0/2/130287945/tobowulezepew-selali-muzose-zarimorosem.pdfIn PDF document text
  • http://novostroy-krd.ru/uploads/2020/01/27/0180b638ce1.pdfIn PDF document text
  • http://mrbrushgrade5.ca/uploads/1/3/0/5/130543099/fezivovor-feriwofifefot-didipekivuf.pdfIn PDF document text
  • http://buyhempoilnow.shop/uploads/1/3/0/3/130313605/8288567.pdfIn PDF document text
  • http://gugafum.flashapp.online/uploads/2020/01/28/2c1d38.pdfIn PDF document text
  • http://drewwatsonpups.com/uploads/1/3/0/3/130313091/130313091.html#esl+conversation+question+cards+pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.