Malicious PDF — malware analysis report

Static analysis result for SHA-256 797268cceb0ed433…

Verdict: MALICIOUS
File type: PDF
Size: 37.4 KB
Created: 2020-03-16 09:26:53 +02:00
Authoring application: wkhtmltopdf 0.12.1.4 (via Qt 4.8.6)
MD5: f4d908e6c32f8eb3027f05304814577f
SHA-1: 211ffa2fbef237e0524d0d159ca2b64481ef74fe
SHA-256: 797268cceb0ed43352e3931db6a482f4e40d3713c0294c6c2e7d478b5e322bf2
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains a large number of embedded external links, a technique often used for SEO manipulation or to redirect users to malicious sites. The ML classifier strongly indicated maliciousness. The primary URL identified is http://mianduimianshipinqipaiyouxi.br3h.com/uploads/1/3/0/3/130313458/130313458.html#listless+crossword+answer, which is part of a link farm hosted on various domains. No scripts were extracted, and the document body was heavily obfuscated, but the presence of numerous external links is a strong indicator of malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • Small PDF contains mass external PDF link farm (severity: critical) [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (severity: info) [PDF_URI]
    PDF contains an external URL action
  • Object number defined twice with different bodies (severity: info) [PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (severity: info) [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://mianduimianshipinqipaiyouxi.br3h.com/uploads/1/3/0/3/130313458/130313458.html#listless+crossword+answer
    • http://pearlsandpansies.com/uploads/1/3/0/3/130379415/murefa-juxojanakun-pakon-suguf.pdf
    • http://sisterchristensensehteam.com/uploads/1/3/0/7/130739596/sumuxabekir_tabibuvuj.pdf
    • http://kokavi.com/uploads/1/3/0/4/130483638/8016052.pdf
    • http://paradoxrestaurant.com/uploads/1/3/0/5/130543074/xabinokuxagodota.pdf
    • http://liopia.net/uploads/1/3/0/5/130588342/linolapimara.pdf
    • http://angiecentis.com/uploads/1/3/0/5/130589337/362ca1f9192.pdf
    • http://virtue-osity.com/uploads/1/3/0/7/130775758/lerekuvaraw_jotevotunej_jibukupiwaponu.pdf
    • http://cpanel.everyday-wines.com/uploads/1/3/0/5/130547812/kajano.pdf
    • http://eastvalleyyouthsports.com/uploads/1/3/0/2/130289623/goxukatofibelenupin.pdf
    • http://aguasabiertascr.com/uploads/1/3/0/5/130545260/6780397.pdf
    • http://4bcenter.com/uploads/1/3/0/6/130604539/dc79446cb3eb062.pdf
    • http://missfitonline.com/uploads/1/3/0/7/130739952/5192486.pdf
    • http://mosholudaycamp.com/uploads/1/3/0/2/130271167/nupoxonunusesuxowulo.pdf
    • http://www.estudiojuridicomariajosevera.com/uploads/1/3/0/6/130639656/2795da43.pdf
    • http://tunescafe.com/uploads/1/3/0/9/130969472/eb4c21240a52.pdf
    • http://historichomelife.com/uploads/1/3/0/5/130550666/408e7448fe4.pdf
    • http://mta-sts.mail.tutusnsuspenders.com/uploads/1/3/0/7/130776079/pivogu_xexawimoxobida_xudezedivo.pdf
    • http://nuditosytrapitos.com/uploads/1/3/0/6/130604710/dafiririka.pdf
    • http://brasiltv.org/uploads/1/3/0/8/130874529/c7dda88dc.pdf
    • http://artbyrandy.net/uploads/1/3/0/6/130605238/6244478.pdf
    • http://www.reviwork.com/uploads/1/3/0/8/130813524/74eab366ef.pdf
    • http://oakroaster.com/uploads/1/3/0/5/130542758/godosukamabaseji.pdf
    • http://www.radicalmxsports.com/uploads/1/3/0/9/130969825/vusaf-wigulepip-molipaz.pdf
    • http://www.emzartworx.com/uploads/1/3/0/7/130775154/8ef51b4.pdf
    • http://www.texasstrategies.com/uploads/1/3/0/5/130547418/2937981.pdf
    • http://www.emzartwor
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00006978.bin
SHA-256: e2024f275be4416f413da0b2d5e5bcf386a61cf29def3eadc1e6214a5bd25152
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x6978
Size: 7924 bytes