Malicious PDF — malware analysis report

Static analysis result for SHA-256 ebb3b1107ea75236…

MALICIOUS

PDF

Size: 62.7 KB
Created: 2021-03-10 20:11:59 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-25
MD5: c17dee3fcd7fba802943d0c1ea95370e
SHA-1: 5f7d73f2d7d6c563af009a9ed16576d3200c433b
SHA-256: ebb3b1107ea75236f10a419173d62a92944c29debea55e7c789f10563c082430
Risk Score: 184

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7329

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://dugedepap.ru/award?keyword=big+pdf+file+sample (PDF link annotation)
    • https://cdn.sqhk.co/nulaliki/iITJjht/90637914248.pdf (in PDF document text)
    • https://cdn.sqhk.co/tuxonewebuke/gieghha/32527704223.pdf (in PDF document text)
    • https://cdn.sqhk.co/rabataxuvax/hf9jdif/coloring_games_online_for_kindergarten.pdf (in PDF document text)
    • https://cdn.sqhk.co/mibazudifij/Rxrhjhb/terraforming_mars_turmoil_guide.pdf (in PDF document text)
    • https://cdn.sqhk.co/libobivole/7hbijPW/mantis_pinball_protectors.pdf (in PDF document text)
    • https://cdn.sqhk.co/korokotuduki/hjkMje9/froggers_menu_mount_dora.pdf (in PDF document text)
    • https://cdn.sqhk.co/pijajawopoji/iQyjijj/aquapark_io_apk_indir_android_oyun_club.pdf (in PDF document text)
    • https://cdn.sqhk.co/sodelaranu/ajeja6p/rilebev.pdf (in PDF document text)
    • https://cdn.sqhk.co/mamidusidozu/jdidhiM/learn_basic_spanish_to_english.pdf (in PDF document text)
    • https://cdn.sqhk.co/xesozugis/k6hfk8c/flip_or_flop_new_season_trailer.pdf (in PDF document text)
    • http://daxukutotexodu.rf.gd/hoover_floormate_spinscrub_widepath_h3044_manual.pdf (in PDF document text)
    • https://3e021c9a-284a-4c54-9ba1-f6d43d4d2ba5.filesusr.com/ugd/a619af_833aa98afca64435b12d5a91f3dd7124.pdf?index=true (in PDF document text)
    • https://uploads.strikinglycdn.com/files/4a1abc64-3b99-4213-b412-6aa940635d82/alesis_dm10_mkii_pro_manual.pdf (in PDF document text)
    • http://zosajaxuv.epizy.com/xewigolo.pdf (in PDF document text)
    • http://juvudujaxajiji.epizy.com/guxubovu.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/21bcb215-89aa-4e50-9fae-9942e9f0bbcf/sozuwarubemiwexosuzopu.pdf (in PDF document text)
    • http://xizokokov.epizy.com/zanamigomap.pdf (in PDF document text)
    • https://72b50e20-f79f-40ca-96b4-24bef83e308f.filesusr.com/ugd/1a1092_d2dc95050790408cb1493ebdde8b6cfb.pdf?index=true (in PDF document text)
    • https://26f2e344-8444-46ea-90c9-5a893bcc2fb3.filesusr.com/ugd/b8c837_acb6532ec7324d86a2e5e2a329041998.pdf?index=true (in PDF document text)
    • http://nasuxenabo.epizy.com/icloud_activation_bypass_software_free.pdf (in PDF document text)
    • https://49432a94-54bc-4d13-9d12-ea41d731e1b8.filesusr.com/ugd/a7c689_bf877f322b8a467385dbaa602509cc6a.pdf?index=true (in PDF document text)