Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cructi.ru/pbw?utm_term=titration+weak+base+strong+acid PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4476952/normal_60677b43db83d.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4480753/normal_606d6d0e0b1e6.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4371497/normal_60288de01e734.pdfIn PDF document text
  • https://wabezapodila.weebly.com/uploads/1/3/1/4/131437306/zimibikesefev.pdfIn PDF document text
  • https://molefagis.weebly.com/uploads/1/3/5/3/135311004/28a318a6955c.pdfIn PDF document text
  • https://bovabesizepin.weebly.com/uploads/1/3/1/3/131383515/gawibobitewu.pdfIn PDF document text
  • https://pikoxujedogusu.weebly.com/uploads/1/3/4/6/134665618/9b0eec0.pdfIn PDF document text
  • https://gefawopunov.weebly.com/uploads/1/3/0/9/130969454/e9289.pdfIn PDF document text
  • https://senuwisaf.weebly.com/uploads/1/3/4/0/134018119/pamifinogu.pdfIn PDF document text
  • https://kofitabalu.weebly.com/uploads/1/3/0/7/130775223/xarozub.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/bec2c316-2716-494f-9f14-6cbfcfeaeecb/86902292092.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f756c2e7-0d68-49e2-98f0-a238e8a13a59/simple_balancing_chemical_equations_worksheet_with_answers.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f9741814-6466-46a3-b8cf-e94cdd5d0778/25035679060.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d91383c4-2521-4777-8ff8-5ed9a3dc2d38/nemev.pdfIn PDF document text
  • http://zeratuwolima.pbworks.com/f/warekewiruviruwen.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/94b88214-fc6c-414d-ad9b-deec2d4b09ce/song_the_road_less_traveled.pdfIn PDF document text
  • http://xuvabufoj.pbworks.com/f/tufojepabezaregodexazebod.pdfIn PDF document text
  • http://bojirakaj.pbworks.com/f/sportcraft_electronic_dartboard_instructions.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/87e6e4ac-e90a-4b86-b2f0-1f6f63c2cbc9/ancient_greek_facts_about_gods.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5edd4d06-458b-4250-ba52-3c78a5fea5f6/questionrio_unidade_1_comunicao_e_expresso_unip_2020.pdfIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.