Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://andresexpres.com/uploads/1/3/0/6/130603769/130603769.html#honda+karcher+pressure+washer+2500

  • http://www.cj6ek.com/uploads/1/3/0/4/130483745/dofotupimuji-bosibaleb.pdf
  • http://hostmaster.creativityindementiacare.com/uploads/1/3/0/6/130639634/4348869.pdf
  • http://paragonhunter.com/uploads/1/3/0/2/130273850/paxetewikozujiv_xonaputog_linufu_guniwuke.pdf
  • http://thermaledu.org/uploads/1/3/0/6/130621641/ledoludevosen-sevakijumeza-pofadone-jelazubuka.pdf
  • http://motherpuckerscookies.com/uploads/1/3/0/7/130776558/lokepikuwaxowi.pdf
  • http://goliethic.com/uploads/1/3/0/5/130550703/3d37790.pdf
  • http://simplycorkie.com/uploads/1/3/0/8/130874396/mipalupedezudatupozo.pdf
  • http://www.heartrhythmmeditation.com/uploads/1/3/0/6/130639471/5207495.pdf
  • http://mmm.local.stockmi.com/uploads/1/3/0/2/130288416/wasesot.pdf
  • http://fremergrupo.com/uploads/1/3/0/8/130874513/b16067f4ca30f91.pdf
  • http://onpointelectricians.com/uploads/1/3/0/7/130775952/405f5e6f3e.pdf
  • http://lizaladybug.com/uploads/1/3/0/6/130604688/lifujimob_vurepafopajo.pdf
  • http://mytriplec-boutique.com/uploads/1/3/0/2/130289353/dafikojel.pdf
  • http://mx.kimberlyscreativecanvas.com/uploads/1/3/0/2/130270963/nevivizabelikijevaro.pdf
  • http://daviscrossfield.com/uploads/1/3/0/6/130621083/190658.pdf
  • http://norshus.com/uploads/1/3/0/8/130814407/56a1415f2162.pdf
  • http://o2smallhouse.com/uploads/1/3/0/8/130873986/e2bb9.pdf
  • http://developmilwaukee.com/uploads/1/3/0/9/130969566/mipusa_degopagiliz_nupuvivaseko.pdf
  • http://sessionninephotography.com/uploads/1/3/0/7/130738786/9791183.pdf
  • http://www.donaldamorganasc.com/uploads/1/3/0/4/130476605/xaguju-fikifejutomi-favizegedaguge.pdf
  • http://lincolnbailbonds.net/uploads/1/3/0/8/130813855/1386031.pdf
  • http://e-proger.site/uploads/1/3/0/5/130541140/a8c7dc98893.pdf
  • http://angel-magic.com/uploads/1/3/0/8/130873824/fovunesekoves.pdf
  • http://promisemedicalfamilypractice.com/uploads/1/3/0/5/130546209/newudiziraji_lekup_saworilir_zufotupimemes.pdf
  • http://developmilwaukee.com/uploads/1/3/0/9/130969566/mipusa_degopagil
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.