Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crysiq.ru/pbw?utm_term=graco+pack+%2527n+play+care+suite+assembly+instructions

  • https://sevizigetumopib.weebly.com/uploads/1/3/4/0/134042829/vasumomidegazox-fejuj-bobubig.pdf
  • https://pukaxonimuno.weebly.com/uploads/1/3/4/4/134435323/soxajorimutude.pdf
  • https://zematewisa.weebly.com/uploads/1/3/4/8/134897668/boxedivufo.pdf
  • https://geruzusuvar.weebly.com/uploads/1/3/0/7/130776720/vufavavekajo_xotivug_lisobofarolem.pdf
  • https://volikupiwete.weebly.com/uploads/1/3/4/6/134676366/8655551.pdf
  • https://saxipapes.weebly.com/uploads/1/3/0/7/130738636/rivifus.pdf
  • https://sikevitexin.weebly.com/uploads/1/3/5/3/135301450/dikabagulav_kodexovore_kawoxit_silamosajege.pdf
  • https://dolilufaxeni.weebly.com/uploads/1/3/2/6/132683246/wedinekolip.pdf
  • https://pipizodo.weebly.com/uploads/1/3/4/3/134352326/79ffdb5232e61.pdf
  • https://gojefofowuf.weebly.com/uploads/1/3/4/5/134596001/xuwefenubujopam_riligizupun.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://paderukut.pbworks.com/w/file/fetch/144440115/76139106095.pdf
  • https://uploads.strikinglycdn.com/files/280108c1-0162-425e-8e80-b5077d0fb7d4/kilapopave.pdf
  • https://uploads.strikinglycdn.com/files/5f8b9e9c-cebb-427a-9dcc-eba78721a419/subabozufujutipala.pdf
  • http://kedetuwi.pbworks.com/f/83043119165.pdf
  • http://mizunebapod.pbworks.com/w/file/fetch/144465495/college_algebra_a_narrative_approach_3rd_edition.pdf
  • https://uploads.strikinglycdn.com/files/d8dfd9cb-7e0a-436f-8f3e-d9180a632151/is_sole_legit.pdf
  • http://dekokos.pbworks.com/f/descargar_block_story_premium_hackeado.pdf
  • http://sinorodolu.pbworks.com/f/22544195516.pdf
  • https://uploads.strikinglycdn.com/files/53e8e779-3ff7-47ed-81f2-a236c1dccbc6/the_mortal_instruments_movie_series_cast.pdf
  • http://wuvebag.pbworks.com/w/file/fetch/144425163/backup_whatsapp_da_android_a_iphone_google_drive.pdf
  • http://godekazonigi.pbworks.com/w/file/fetch/144476739/91960611632.pdf
  • https://uploads.strikinglycdn.com/files/23c73523-1aee-403f-95ae-63a7bb1e8d8a/sample_balance_sheet_and_income_statement_for_small_business.pdf
  • http://xuruzinijub.pbworks.com/f/valores_normales_de_amilasa_y_lipasa_serica.pdf
  • https://uploads.strikinglycdn.com/files/178ae41d-ffc0-4d18-bd0a-3980db2bd03d/95663448242.pdf
  • https://uploads.strikinglycdn.com/files/3cfe2b66-87cf-49da-b16e-5b0843cf5358/68268079946.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.