Malicious PDF — malware analysis report

Static analysis result for SHA-256 878c257d4e9727a9…

Verdict: MALICIOUS
File type: PDF
Size: 90.3 KB
Created: 2021-03-31 23:49:19 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 27e20f1f9939db8ff7b2fcca5df9e8c7
SHA-1: b00fc4406618189d952910b3aa4f17b6fcbff6ba
SHA-256: 878c257d4e9727a96c321cb5aca49338fa4571015180bdd1827e280140d045e0
Risk Score: 96

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or phishing attempt. The embedded URLs are likely intended to redirect users to malicious sites. While no scripts were explicitly extracted, the PDF structure and numerous external links point towards a malicious intent to drive traffic to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9967

Heuristics (4)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF_URI (info): External URI
    PDF contains an external URL action
  • PDF_DUPLICATE_OBJ_BODY_INCREMENTAL (info): Object number defined twice with different bodies
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://jumiwimov.ru/wix?keyword=tc+electronic+flashback+2x4+manual
    • https://cdn.sqhk.co/jekuzedu/gjcjfG6/best_3_point_shooters_all_time_nba.pdf
    • https://retariluwefise.weebly.com/uploads/1/3/4/8/134858211/kaladutod_zagaretikiniw_jafasamesulep.pdf
    • https://cdn.sqhk.co/kululojilo/Ohdu0vm/xiwiraw.pdf
    • https://cdn-cms.f-static.net/uploads/4420604/normal_602e7b89dfbfa.pdf
    • https://cdn.sqhk.co/tefivezik/MpkggQv/nunafewepexolebumogoter.pdf
    • http://levantegroup.net/relative_clauses_activities_intermediates2tap.pdf
    • https://cdn-cms.f-static.net/uploads/4480880/normal_6016fc9a2d723.pdf
    • https://lakofanagobogan.weebly.com/uploads/1/3/5/3/135386994/tivudozenezobapiw.pdf
    • http://1xbet-regi.site/five_nights_at_freddys_3_onlinei5fyd.pdf
    • http://help-verification.com/practical_skills_in_biologyey878.pdf
    • http://auth02mobility.com/guwinaziwoweo6lqe.pdf
    • http://gayerkan.com/9833228603o1jtn.pdf
    • https://cdn-cms.f-static.net/uploads/4368996/normal_60484b6bb8d2b.pdf
    • https://cdn-cms.f-static.net/uploads/4410201/normal_5fd7a361a8a95.pdf
    • http://natorg.fun/3211891854564hpv.pdf
    • https://static.s123-cdn-static.com/uploads/4403556/normal_5ffed3625c991.pdf
    • https://nunajamedagafep.weebly.com/uploads/1/3/5/3/135325778/lemugajaw.pdf
    • http://baltika-trans.ru/mastering_the_rockefeller_habits_summarya56kk.pdf
    • https://xuvetopugoseja.weebly.com/uploads/1/3/4/4/134484667/kobatajadumopaxelamu.pdf
    • https://cdn.sqhk.co/bujugasefoli/gfbuwhe/winter_warrior_costume.pdf
    • http://segwaywheelchair.ru/spanish_clep_test_study_guidexxysi.pdf
    • http://hayatevesigar.online/what_to_do_if_you_want_to_be_a_midwifexs14b.pdf
    • https://cdn.sqhk.co/girasufu/Qjgw6Jy/rayman_adventures_mod_apk_new_version.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://4f6c49ad-35c2-4e1b-a50e-a4ca4816ee30.filesusr.com/ugd/a28dad_c0d5d2d4d96445d68d59c3056f2276d3.pdf?index=true
    • https://5b2b9875-3923-4577-9ef6-0527498c95e7.filesusr.com/ugd/4e6dd5_17d86d287f5541d99b0aee22e92c5584.pdf?index=true
    • https://10bc5e17-7652-4c7e-9b43-999b3eb3b021.filesusr.com/ugd/5edc69_f2617bc8e2c446d3a152251a0b957621.pdf?index=true
    • https://a0bbd489-bf03-48a0-8e93-88abd0751e5b.filesusr.com/ugd/370ea2_7b15a6f762174168aeb7bfbad0e88d8e.pdf?index=true
    • https://28546a20-d0cc-4b82-bb4f-6711990cd5a3.filesusr.com/ugd/0bcf16_9a65928c9c5642f392d6f4eab273e0c8.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0001216c.bin
  SHA-256: dbb087b152a93701a8b7a9ba9b488c4f9d6548f2131939d411072bcdc3914672
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x1216C
  Size: 5560 bytes

Filename: font_01_sfnt_off0001343a.bin
  SHA-256: abe59b6f850d91deceb1e30a8c4f70b24a85cc8229fa97b24718a90dd31905fe
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x1343A
  Size: 11044 bytes