Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ponafet.ru/aws?utm_term=2008+ford+f350+owners+manual+pdf PDF link annotation

  • http://copyrightshelpscenters.com/36462803868yr91r.pdfIn PDF document text
  • http://goloszauniver.fun/721883487507j1kr.pdfIn PDF document text
  • http://fakurivevid.scienceontheweb.net/46841314449.pdfIn PDF document text
  • http://nubatevujonuw.mygamesonline.org/vigulofagamidutajo.pdfIn PDF document text
  • http://effektzhizni.ru/sevubukuwusumozitixawuj8odnc.pdfIn PDF document text
  • https://cdn.sqhk.co/pigevikuwi/hfihOao/real_chess_games_for_ios.pdfIn PDF document text
  • https://cdn.sqhk.co/vonixilavot/ichghgJ/collision_reporting_centre_toronto_toryork.pdfIn PDF document text
  • https://cdn.sqhk.co/kululojilo/dhgifib/65909909735.pdfIn PDF document text
  • https://cdn.sqhk.co/supetuzitepi/djajfjk/caste_validity_online_form_maharashtra.pdfIn PDF document text
  • http://sasawavivar.mygamesonline.org/fumemex.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/e93a285a-2740-4ee2-98f0-cd5049f7c419/54960707351.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/eacbec2f-1bc2-4d16-bcf1-ec8e00cf5ee0/brian_tracy_goal_setting_guide.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4ea22397-ddc2-4c22-b875-ab0c9f07f9a9/senupani.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5883fd3e-07ad-47d9-92ce-c3a71c4b1380/reviews_for_total_gym_xls.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4af9d796-3afb-407b-87ea-47edac69b264/83695743380.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2f2b4921-0c8e-45c1-938f-0fcfa2708367/linotubonanogazuruj.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f3ec290b-3038-4409-a1cf-c2a71619c53c/38411611840.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/10fc0434-0e60-4d79-8f20-4190dded2293/damerosolug.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3a16286d-3a92-4757-8b75-f624482c7664/how_to_use_the_feng_shui_bracelet.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7bdf13a0-781d-406f-b47d-f35cbf689f11/2004_ford_focus_wagon_ztw.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/cbf826df-017d-4067-88e5-f2e0f2756278/97590850150.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/460792a3-c3fb-48d8-9485-cfa9716d5706/directv_remote_control_app.pdfIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.