Malicious PDF — malware analysis report

Heuristics 5

• PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINK
  PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• PDF link farm advertises cracked/pirated software medium PDF_CRACKED_SOFTWARE_LURE
  PDF contains many clickable links whose targets use cracked-software, keygen, serial-key, or warez vocabulary. These are SEO-spam lure documents that rank for software-piracy searches and route users to fake 'crack' download pages distributing potentially-unwanted programs, adware, or droppers. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://esecuritys.com/allcleartravel.extenuating/worzel/?dennis=saturates&SGFtYSBSYWNpbmcgV2hlZWwgVGh1bmRlciBWMTggRHJpdmVyIDE3SGF=ZG93bmxvYWR8T1YzYUdSbmNueDhNVFkxT0RJeE9EazROWHg4TWpVNU1IeDhLRTBwSUZkdmNtUndjbVZ6Y3lCYldFMU1VbEJESUZZeUlGQkVSbDA PDF link annotation

  • https://www.spasvseyarusi.ru/advert/free-full-download-pes-2011-highly-compressed-10mb-rar/In PDF document text
  • https://poll.drakefollow.com/sout.js?v=1.1.1In PDF document text
  • https://uranai-cafe.jp/wp-content/uploads/2022/07/PATCHED_QuickBooks_Activator_V06_Build_70_TESTVERSION__BEAST.pdfIn PDF document text
  • https://towntexas.com/wp-content/uploads/2022/07/Bupena_Kelas_5_Sd_Pdf_71.pdfIn PDF document text
  • http://modiransanjesh.ir/the-klub-17-mega-pack-torrent-free/In PDF document text
  • https://www.reptisell.com/drakensang-online-hack-tool-3-24-rar-2/In PDF document text
  • https://progressivehealthcareindia.com/2022/07/25/elemenmesinsularsoebook-top/In PDF document text
  • http://avc-mx.com/wp-content/uploads/2022/07/Electromagnetic_Field_Theory_By_Dhananjayan_Free_Ebook_Downl.pdfIn PDF document text
  • https://www.hajjproperties.com/advert/hero-editor-1-14-download-top/In PDF document text
  • https://www.designonline-deco.com/wp-content/uploads/2022/07/briarmi.pdfIn PDF document text
  • http://saddlebrand.com/wp-content/uploads/2022/07/Dracula3LaSendaDelDragonSpanishPCDVD_Hack_Torrent.pdfIn PDF document text
  • https://battlersauctions.com/wp-content/uploads/2022/07/belywar.pdfIn PDF document text
  • https://kramart.com/aegisubkaraokeeffectcollection/In PDF document text
  • https://www.caelmjc.com/wp-content/uploads/2022/07/Farm_Frenzy_4_Crack_File_Download_LINK.pdfIn PDF document text
  • https://volektravel.com/wp-content/uploads/2022/07/charlie_and_the_chocolate_factory_tamil_dubbed_torrent.pdfIn PDF document text
  • http://rootwordsmusic.com/2022/07/25/xln-audio-��-ds-10-drum-shaper-v1-0-5-vst-aax-au-win-osx-x86-x64/In PDF document text
  • http://teignvalleypedalbashers.co.uk/advert/empire-earth-zeitalter-der-eroberungen-download-toplIn PDF document text
  • https://riberadelxuquer.com/wp-content/uploads/2022/07/survey_bypasser_v_28_key.pdfIn PDF document text
  • https://ktqmart.com/wp-content/uploads/2022/07/PCSX2_Config_Saver_By_Lunatic_Shade_iso_LINK.pdfIn PDF document text
  • http://moonreaderman.com/autodesk-revit-architecture-2011-free-download-cracked-full-version/In PDF document text
  • https://www.spasvseyarusi.ru/advert/free-full-download-pes-2011-highly-compressed-10mb-In PDF document text
  • https://uranai-cafe.jp/wp-content/uploads/2022/07/PATCHED_QuickBooks_Activator_V06_BuilIn PDF document text
  • http://avc-mx.com/wp-content/uploads/2022/07/Electromagnetic_Field_Theory_By_DhananjayIn PDF document text
  • http://saddlebrand.com/wp-In PDF document text
  • https://www.caelmjc.com/wp-In PDF document text
  • https://volektravel.com/wp-In PDF document text
  • http://rootwordsmusic.com/2022/07/25/xln-audio-��-ds-10-drum-shaper-v1-0-5-vst-aax-au-win-In PDF document text
  • http://teignvalleypedalbashers.co.uk/advert/empire-earth-zeitalter-der-eroberungen-In PDF document text
  • https://ktqmart.com/wp-In PDF document text
  • http://moonreaderman.com/autodesk-revit-architecture-2011-free-download-cracked-full-In PDF document text
  • http://www.tcpdf.orgIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://www.aiim.org/pdfa/ns/extension/In PDF document text
  • http://www.aiim.org/pdfa/ns/schema#In PDF document text
  • http://www.aiim.org/pdfa/ns/property#In PDF document text
  • http://www.aiim.org/pdfa/ns/id/In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.