Malicious PDF — malware analysis report

Static analysis result for SHA-256 bc73c24ecb0b372d…

MALICIOUS

PDF

Size: 79.6 KB
Created: 2021-05-29 07:10:45 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-21
MD5: 01a5db1c8647c14335c17b7d022f08cb
SHA-1: 2217b109d3048e589d6be565629b5c943cbca7c3
SHA-256: bc73c24ecb0b372d6d110be70c3dbd8fdad173a56c5f0154eac871b2ae4cea25
Risk Score: 104

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, many of which are to SEO-optimized PDF documents, suggesting a link farm or content-loading mechanism. The ML classifier strongly flagged this PDF as malicious. The presence of a 'download button' lure further supports a malicious intent, likely to redirect users to a malicious URL such as https://jumiwimov.ru/strik for payload delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9957

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL (channel that reached it):
    • https://jumiwimov.ru/strik?utm_term=class+10+footprints+without+feet+chapter+8+question+answer (PDF link annotation)
    • https://xitozenajoxoge.weebly.com/uploads/1/3/2/6/132681812/5165900.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4387230/normal_60205721d3f36.pdf (in PDF document text)
    • https://zapirawega.weebly.com/uploads/1/3/0/9/130969804/8234489.pdf (in PDF document text)
    • https://lojixakukitut.weebly.com/uploads/1/3/4/6/134605905/watelov.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4425909/normal_605f63cc4fd99.pdf (in PDF document text)
    • https://bavipakodotem.weebly.com/uploads/1/3/5/9/135958795/5032308.pdf (in PDF document text)
    • https://xepekozodixati.weebly.com/uploads/1/3/5/3/135346226/dcebc0650911.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4367632/normal_600b69e4a5402.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://uploads.strikinglycdn.com/files/87cc48f4-0c9f-49a1-a857-108b02f86338/would_you_rather_cute_questions.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/68207f77-f8fa-40a2-9787-19d6978447b0/what_is_the_purpose_of_the_queen_mab_speech.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/58f736e2-3af1-4add-8ca9-aa1c1e001830/12737036813.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/68ef558e-aa41-4934-8778-0effa07d5672/4354850501.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/afd2fcb8-caa2-483c-aa2e-a3ff59a45546/56050233939.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/9c3d0737-9c54-4ac0-8c79-dabd96b0d120/manevedorefederenaserose.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/e0c1ad9d-b181-45db-8b32-57a79ac7a556/6565163033.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/faa7c41e-b296-4f15-86af-b50a9ff2f10e/50286871211.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/0c4006c1-8f85-4e0b-a0b2-73eb9c740f39/fuwitibifuzapofutemoxoja.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/00372846-09f2-4c7b-bda6-f0a7335ead51/gufejetu.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/11bab66c-872f-4247-9539-8cc92672d3a4/fun_run_boosterthon_rewards.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/8289993c-f556-4acf-9ccc-89ca5332fa3f/jusunemalotaramasi.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/5bdf694f-e714-4ad5-9955-0ef6515f060e/naxebetodisud.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/e44f7793-7981-40fe-9851-e63d1fd39683/vulemo.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/d701ae24-70da-411f-a88e-f1fdac11a26e/apa_itu_frappuccino_starbucks.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/2bc5ff5a-d150-4bfc-9723-59375a54a2a8/vishnu_sahasranama_names.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/7705a6bb-4ff3-4a72-adf7-874d1737f2af/gipirodobutunewa.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/f484e811-bdd6-4e34-8144-4cd77941ca68/dirt_devil_power_express_manual.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/6b9953ea-3919-4993-be0d-cac203d215d3/eurodesk_sx2442fx_tutorial.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/47193417-1e46-422a-ad4e-6b6e06cfaab0/aw139_flight_manual.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                       Kind             Source                                    Size
font_00_sfnt_off0000f94f.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xF94F   5616 bytes
  SHA-256: 99ac83079481970d2931342569e7e27abb84421a0ec8fb7e29c59713c797c207
font_01_sfnt_off00010c81.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x10C81  10292 bytes
  SHA-256: 0c027c9ef3d54f383f35cd4e86cfb6ee4386efbb47ddac6daab77988e4b1b6e5