Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://nomylo.ru/pbw?utm_term=livro+a+sabedoria+do+eneagrama+pdf+gr%25C3%25A1tis PDF link annotation

  • https://remafubununabex.weebly.com/uploads/1/3/1/4/131437283/tomatuta.pdfIn PDF document text
  • https://dupuzebor.weebly.com/uploads/1/3/4/6/134639309/lepebijafibexipivana.pdfIn PDF document text
  • https://vureduvo.weebly.com/uploads/1/3/4/5/134513064/sibuboz_lexowedufapogi_xagewujawo_mumuwelivube.pdfIn PDF document text
  • https://zopatiselinijil.weebly.com/uploads/1/3/4/7/134758238/vejugexisereta-jamen.pdfIn PDF document text
  • http://tukufidanega.pbworks.com/w/file/fetch/144422451/juvixiv.pdfIn PDF document text
  • http://vulazojab.pbworks.com/w/file/fetch/144544929/free_medical_biochemistry_books.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/839c8780-cd7f-4daa-8792-f2f5346a397c/70648761787.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c157d008-065a-4a5a-a871-2f6b1c6b2d8c/garmin_gpsmap_62s_maps_download.pdfIn PDF document text
  • http://joxakuruvi.pbworks.com/f/goguvuk.pdfIn PDF document text
  • http://molitutolu.pbworks.com/w/file/fetch/144554067/97373412086.pdfIn PDF document text
  • http://mumubib.pbworks.com/f/coreldraw_x5_crack_file.pdfIn PDF document text
  • http://jeselivid.pbworks.com/w/file/fetch/144503196/microsoft_sql_server_2008_r2_standard_download_iso.pdfIn PDF document text
  • http://mavujeridolu.pbworks.com/f/how_to_add_mods_american_truck_simulator.pdfIn PDF document text
  • http://sodopateduke.pbworks.com/f/13564880514.pdfIn PDF document text
  • http://funuvutidip.pbworks.com/w/file/fetch/144454080/jiluxekozobuluritaduforex.pdfIn PDF document text
  • http://jajisaparev.pbworks.com/w/file/fetch/144411318/is_jason_dead_in_trials_of_apollo.pdfIn PDF document text
  • http://finebov.pbworks.com/f/how_to_build_a_deck_magic_the_gathering.pdfIn PDF document text
  • http://rasovuxosew.pbworks.com/f/wivelejajojutasaxafe.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/16c18dc4-4ace-4b28-8c16-22f8f4f8d293/seamus_heaney_beowulf_quotes.pdfIn PDF document text
  • http://xiwitanul.pbworks.com/w/file/fetch/144461910/tizorixozonapo.pdfIn PDF document text
  • http://gepefupugalu.pbworks.com/f/ralawetivav.pdfIn PDF document text
  • http://nixefijevumu.pbworks.com/w/file/fetch/144553299/what_is_run-ons_and_comma_splices.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2e4eed4c-9238-42ac-b6aa-e3e7d0165715/73658407783.pdfIn PDF document text
  • http://tusoxefum.pbworks.com/f/happymod_apk_for_windows_7.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.