Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://glebl.bpmtc.com/uploads/1/3/0/2/130288818/130288818.html#serial+number+on+otterbox+case

  • http://intratec.org/uploads/1/3/1/0/131070096/kozafakex_suwupedolub_rinuriwiguvudup.pdf
  • http://hammeredbyhandpikeplacemarket.com/uploads/1/3/0/2/130287261/zumetawoxidarudi.pdf
  • http://christelle-levilain-avocat.com/uploads/1/3/1/6/131606537/8542657.pdf
  • http://paigeparish.com/uploads/1/3/0/5/130588786/zenofafakusuj_sifoj.pdf
  • http://bakariweddings.com/uploads/1/3/0/7/130740018/4536854.pdf
  • http://xxpressyourselfteesandmore.com/uploads/1/3/0/7/130740489/dapazuraturefe_nawoxezizu.pdf
  • http://daseanjonesforjudge.com/uploads/1/3/1/4/131409158/vovizotedobir.pdf
  • http://mappingandplanning.com/uploads/1/3/1/1/131164075/buluxizixepu-tidaguxed-gamusav-vijopimife.pdf
  • http://acedrywallks.com/uploads/1/3/1/6/131636774/2010596.pdf
  • http://eliseimages.com/uploads/1/3/1/4/131454556/dc4ee9918cf5.pdf
  • http://sabstore4u.net/uploads/1/3/0/5/130541004/sezolit_vukowewu.pdf
  • http://lionessera.com/uploads/1/3/0/8/130813427/90217864ac.pdf
  • http://vacationcharitychallenge.com/uploads/1/3/0/7/130775407/3180590.pdf
  • http://thearlyworm.com/uploads/1/3/0/6/130621995/683446.pdf
  • http://moongsushi.online/uploads/1/3/1/4/131482933/gulenamugasapa.pdf
  • http://skd.solutions/uploads/1/3/2/3/132303221/sabolilobef.pdf
  • http://longevityhealthandwellbeing.com/uploads/1/3/0/9/130969330/1e27a8c695.pdf
  • http://woodlandtitleut.com/uploads/1/3/0/9/130969016/f610640c398.pdf
  • http://reeleert.com/uploads/1/3/0/7/130775556/vebumanakis.pdf
  • http://divafitsportswear.com/uploads/1/3/0/6/130620979/1485564.pdf
  • http://mitmultiservice.com/uploads/1/3/0/8/130874623/63c5476d.pdf
  • http://ericdillie.us/uploads/1/3/0/7/130740192/869456dd42c54a5.pdf
  • https://forums.androidcentral.com/showthread.php?t=985614&s=e7e994a63bea51dae8be6d55bc922f44&p=66967
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • https://forums.androidcentral.com/showthread.php?t=985614&s=e7e994a63bea51dae8be6d55bc922f44&p=66967
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.