Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://soxebez.ru/aws?utm_term=prefix+word+for+gregarious PDF link annotation

  • https://girawosanisab.weebly.com/uploads/1/3/0/7/130740609/fobosovumejonabil.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4491933/normal_5fd119dcf0a66.pdfIn PDF document text
  • https://gujejitemisadud.weebly.com/uploads/1/3/4/3/134354005/4c6d07deb.pdfIn PDF document text
  • https://koxowuberes.weebly.com/uploads/1/3/1/3/131379375/a93f8d43587.pdfIn PDF document text
  • https://nepubodi.weebly.com/uploads/1/3/4/6/134610278/tajedajarovit_tumoxibaso_forez_woxokewi.pdfIn PDF document text
  • https://jumuwaxenu.weebly.com/uploads/1/3/1/4/131406560/5870268.pdfIn PDF document text
  • https://ginixagizelak.weebly.com/uploads/1/3/5/3/135349131/muvajuzufawo.pdfIn PDF document text
  • https://kitopelok.weebly.com/uploads/1/3/4/3/134355781/lerujil-punuresogujabom.pdfIn PDF document text
  • https://nunipotewisi.weebly.com/uploads/1/3/4/8/134892443/5235131.pdfIn PDF document text
  • https://puviguwa.weebly.com/uploads/1/3/0/7/130776677/71c09d38421d.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4412775/normal_5fc5c42fa8aed.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4502268/normal_5fc7a07901a5e.pdfIn PDF document text
  • https://vikabedegopeve.weebly.com/uploads/1/3/0/8/130874339/6993406.pdfIn PDF document text
  • https://kiruxujekan.weebly.com/uploads/1/3/2/7/132740547/judeminozodefunokum.pdfIn PDF document text
  • https://zatuduxe.weebly.com/uploads/1/3/4/5/134595584/9821782.pdfIn PDF document text
  • https://nolaxefipox.weebly.com/uploads/1/3/4/7/134740184/e8f8c341b0.pdfIn PDF document text
  • https://fejajeger.weebly.com/uploads/1/3/4/6/134614243/fd67ca0.pdfIn PDF document text
  • https://voxalasodakuro.weebly.com/uploads/1/3/4/0/134042561/223cb1bccb48.pdfIn PDF document text
  • https://zolefixu.weebly.com/uploads/1/3/4/4/134432518/4014701.pdfIn PDF document text
  • https://tefakunuti.weebly.com/uploads/1/3/1/8/131871494/pogim.pdfIn PDF document text
  • https://gulekikafosevog.weebly.com/uploads/1/3/2/3/132303175/f51177a54fca080.pdfIn PDF document text
  • https://poxefapujo.weebly.com/uploads/1/3/5/3/135312596/8422848.pdfIn PDF document text
  • https://foxaxefaga.weebly.com/uploads/1/3/1/3/131398491/gevasujuma-tejos-netosamufituzon.pdfIn PDF document text
  • http://pusevim.epizy.com/barbie_dreamhouse_party_game_free.pdfIn PDF document text
  • http://nabunuwo.epizy.com/a_practice_grammar_of_german.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.