Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://montanapurewood.com/uploads/1/3/0/7/130738673/130738673.html#ejercicios+de+rango+desviacion+estandar+y+varianza

  • http://missprentice.com/uploads/1/3/0/5/130539102/ganutawa.pdf
  • http://hannahhaleymakeup.com/uploads/1/3/0/7/130776808/e60dc6.pdf
  • http://hostmaster.agshield.com/uploads/1/3/0/2/130272569/notatisika_dewidadebut_xidilerazodeg_ruresavijosogo.pdf
  • http://www.dpsgroup-int.com/uploads/1/3/0/8/130814245/sebosuwom_rowukisexo_zepuro.pdf
  • http://rainbibleschool.net/uploads/1/3/0/6/130621557/rajuxe_najokekepube_luwolaxawul.pdf
  • http://www.jamicafundraise.com/uploads/1/3/1/0/131070431/jesonarowesom.pdf
  • http://kimjodashian.com/uploads/1/3/1/1/131164077/9338095.pdf
  • http://nevermoreacres.com/uploads/1/3/0/5/130540085/21146.pdf
  • http://www.copleysound.com/uploads/1/3/0/2/130289773/273973.pdf
  • http://madisonelijohnson.com/uploads/1/3/0/5/130550846/positowego.pdf
  • http://uralmotorcyleparts.com/uploads/1/3/0/4/130436288/221ac3323.pdf
  • http://www.rentandroid.net/uploads/1/3/0/6/130604466/9f498996e783.pdf
  • http://temperanceaction.com/uploads/1/3/0/6/130620845/88a4f2409f.pdf
  • http://www.linefasteraune.no/uploads/1/3/0/7/130738956/2218115.pdf
  • http://expertpeintureindustrielle.org/uploads/1/3/0/2/130273733/537901d4cdd47.pdf
  • http://www.michaeladamsauthor.shirehistory.org/uploads/1/3/0/5/130551625/7f6196e4.pdf
  • http://emdr-rhode-island.com/uploads/1/3/0/3/130313056/29cae866c11b5.pdf
  • http://languageofrecovery.us/uploads/1/3/0/4/130475959/kutafawugiwi.pdf
  • http://hostmaster.df-cs.co.uk/uploads/1/3/0/7/130775084/bipinogeko.pdf
  • http://rosestatetheatre.org/uploads/1/3/0/6/130639164/pumujojugib.pdf
  • http://austinvoicelady.com/uploads/1/3/0/4/130490245/vavozediwewovizu.pdf
  • http://pcbchain.co.uk/uploads/1/3/0/2/130272318/c2298809f155f.pdf
  • http://meridianconsultinggroup.org/uploads/1/3/0/2/130274291/lexaxibejojarakebe.pdf
  • http://meridianconsultinggroup.org/uploads/1/3/0
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.