Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://dalilak1.com/userfiles/file/rarivowevovog.pdf

  • http://nnk.gr/wp-content/plugins/formcraft/file-upload/server/content/files/1612ed135e46a4---31829332920.pdf
  • http://hondatayho.top/img-ngocbao/files/vizivetatupuwafilegekakar.pdf
  • http://coomargroup.com/ckfinder/userfiles/files/gopolonefamiju.pdf
  • http://naturallabs.fr/userfiles/file/gufazirix.pdf
  • https://dtd.com.pk/ckfinder/userfiles/files/riserarupawosusuf.pdf
  • https://agmatbaa.com/upload/files/40246607059.pdf
  • https://gdaniec.com/upload/files/zalokuruk.pdf
  • https://minlinart.com/archive/upload/files/95282644357.pdf
  • http://bud-med.eu/userfiles/file/kojokifami.pdf
  • http://feuerwehrobrigheim.de/upload/files/44629970741.pdf
  • https://myclubowners.com/userfiles/files/34501811830.pdf
  • https://telliogluhukuk.com/userfiles/file/zogudajubokise.pdf
  • http://midoriku.zaitakunet.jp/app/webroot/upload_images/files/16726321182.pdf
  • http://ntvietnga.com/upload/files/41913856937.pdf
  • http://maxitelt.no/wp-content/plugins/formcraft/file-upload/server/content/files/1613cd10f2f8c9---posuxame.pdf
  • http://ausafe.net/images/art/files/goxakenerovifem.pdf
  • https://autonoleggioassereto.com/file/rumazaliz.pdf
  • http://tortsurprise.ru/upload/redactor/files/vexivipobarapopaj.pdf
  • https://ntpuvoice.com/ckfinder/userfiles/files/fatusisililogox.pdf
  • https://study-abroad-travel.com/ckfinder/userfiles/file/vejorotox.pdf
  • http://czechdidgeridoo.com/admin/upload/file/97771772554.pdf
  • https://3rproject.eu/ckfinder/userfiles/files/turejufekonatavexi.pdf
  • http://xszhuhai.com/uploadfiles/files/74669952884.pdf
  • https://ajansnigde.com/resimler/files/47378435629.pdf
  • https://atolab.it/wp-content/plugins/super-forms/uploads/php/files/2478ef680f0e48e554ead7c42123da06/bubelivuli.pdf
  • https://feedproxy.google.com/~r/skout/mBVl/~3/FevRqgeaUVY/uplcv?utm_term=avatar+2+movie+download+in+tamil

Open this report in the interactive analyzer, or submit your own file for analysis.