Malicious PDF — malware analysis report

Heuristics 5

• Secondary embedded PDF body has suspicious static findings high POLYGLOT_CHILD_PDF_STATIC_TRIAGE
  A valid PDF body was found at a nonzero offset inside another container and its carved contents matched PDF exploit or lure heuristics. This catches polyglots where the top-level magic routes to ZIP/OLE while a PDF reader or downstream parser opens the hidden PDF payload.
• PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARM
  PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://dubaipropertyrentals.net/idealow/causemusic.php/QsehmcoPnfzxY16215237ssea.pdf PDF link annotation

  • http://dubaipropertyrentals.net/idealow/causemusic.php/bbP_dQcwhnmzGlvmromPPcPavvt16215973nf.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/dsPukrmJve_o_16215425Y.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/whranekknk_Pkmn_bc_bzcwnhecmcf16215610ob_t.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/YheoGrfvPduuJwfsfwzoezJJvbls16215728c.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/swmYsiaerGdnn16215671hxl.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/ozaiaGrwrmsJYGhheuorrPwJQd16215447ese.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/mGw16215799_Yf.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/mxzQfezhhfndwkwid16215229z.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/za_bo16215621n.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/kttPdJssanmbz_r16215450nl.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/vcsYQfY16215477_fh.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/_JdaYdJcxxodl16215195m.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/dYswiaGoGeJdGJa16215820__l.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/edzPle_YdituGheQbcz16215696tu_u.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/brxeosrvwk_G16215232sP.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/lGhwzuuePbQuodlnQP16215978exnm.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/stwvuabadf_PYcxdxda16215511ml.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/ctzelmxvJ_vbwYibzslbcvsYmlaxJf16215946kG.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/vxGcGYsmz16215243f.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/nY__sklP_kJrszJs16215619rvo.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/cJtdYJYbotdxbY_ecPvQts16216177t.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/GdbsdvvaneQGv_uY16215267J.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/xkJdaQdGflhJtvGumnii16216002l.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/akevwmimbeQvrnkQa_16215734obmu.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/Qr_ic_16215278lkiz.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/eshzmPbbGsohdiYatQQxafQrG_fm16215793Yoat.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/xGGPiahleka_YxJbvacebwu16215298hsfk.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/QJuoJoGniYwzdPt16215441aJ.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/bYGPPcdGinmsQfQJvQPdJbfvt16215633Qt.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/fkGzxkmihbkhYevPP_afr16215981fb.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/_czvGQxe_ahsYmdchnGlbz16216010v.pdfIn PDF document text
  • http://www.toledano.fr/images/ruQPteaJdeemokllmGxkxxfPPah15918839_.pdfIn PDF document text
  • http://apbmchaplain.com/growstep/xGvohtfuh16064390l.pdfIn PDF document text
  • http://www.toledano.fr/logs/dhzzbwkaozhwYvhvamceQnkw_15902194Q.pdfIn PDF document text
  • http://www.citrusheightsplumbing.net/wp-includes/bzcsessuhJwPmwmltxderGfb15493448ic.pdfIn PDF document text
  • http://www.toledano.fr/images/z_mdd15872185G.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/QvbrkbkJnknmPxkxls_bJcrzaw16215770ozbl.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/czrJ_PJ_urixdYJhhutnQbYfuoJ16215211and.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/Gaa16215217ibf.pdfPDF link annotation
  • http://dubaipropertyrentals.net/idealow/causemusic.php/kQiJehho16215566k.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/sfQcdYbi_nQll_vYrwYbdY16215499tx.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/ssfPJl16215508n.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/elYPbsJPYYooctan16215270xar.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/r_avl_iv_oGfbaw_Qwhi16215699_.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/sccvevczJrlbrnnGQfPc_uusurte16215925e.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/QdnGsYuhkevGhQwmkhPokJxdr16215716b.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/cltbtYkhlobwfdQdGwvn_Psuuxfrs16216113GQ.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/cwsenaohoPJb16215248z.pdfIn PDF document text
  • http://dubaipropertyrentals.net/idealow/causemusic.php/hoeeuzcuuvknGltaQz16215851nff.pdfIn PDF document text

  +66 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.