Malicious PDF — malware analysis report

Heuristics 4

• Secondary embedded PDF body has suspicious static findings high POLYGLOT_CHILD_PDF_STATIC_TRIAGE
  A valid PDF body was found at a nonzero offset inside another container and its carved contents matched PDF exploit or lure heuristics. This catches polyglots where the top-level magic routes to ZIP/OLE while a PDF reader or downstream parser opens the hidden PDF payload.
• PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARM
  PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://dubaipropertyrentals.net/perhapsactual/momentfield.php/vf_GctvbexrnxrhwYt_iPxsnYrQnsG16236386s.pdf In PDF document text

  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/GhPi_lbv16236403Just.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/YflhubG_mwafdQbhioJiJhmlfan16236551so.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/coGtddJibcwsvlz_bQG16204584x.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/YzuxwaeohimmsllQ16204149_ku.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/rnvPYronu__Qkzubfkcizrh16204184_wJ.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/QcscixazomsP16236676z.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/laQPPotaarmYm16204140svfs.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/huhsdtQfancPnwJGrltvPm16236575_.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/fJhk_16236656cuG.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/dvofidewrtnmk_nlaxocP16204664omhs.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/mcdxoJhPnnYkusbrlQwdoYsQ16203846k.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/biJsbfnPd_nsPule_YfPc16236384ovJf.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/fbowbQbGGtsaPYQbctxzueJvh16236553h.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/JoJxPtxsei16236436Y.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/wiwsJzno16236612J.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/YeYtwtzb_oJkvQ16236634zQf.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/eidasJwPufwYQbGwvctzwfasxw16203856oQ.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/cGcYnGcJlnPQerhz16236387bviQ.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/wna_awfrrxYuPfJPxm_aidmkb16203983Jiz.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/_edhlbxneselumbkcnQa16203785lx.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/hsx_lxovnscQQGGduoixYu16236646zfb.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/nsehwu16236614Qt.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/f_cftoxmitrPbdfssefJQ_Pi16236446J.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/xzn16204093cu.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/nwu_GPrmsnzsGuvh16236434Ju.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/xklnxPnwcl16236399fz.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/msQ16204163lc.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/zGzxdlmtrQrahbredbrJsPznvxY16204661Pi.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/wtxoazxred_kPbchvoak16204014d.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/mofexaow16236430Jd.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/mhflGJdJPix16236512Jn.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/bxfiYruha16204089tmc.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/vGeuwebhdrxueducbwbGrksxrctvd16204617rGxn.pdfIn PDF document text
  • http://immaculatebaking.com/wp-content/uploads/2013/03/Yw_Qxhakwm_buhcadbfu3770924.pdfIn PDF document text
  • http://www.north-star-lofts.com/about/nsasGcamidYJizacGQa_i14637357nzz.pdfIn PDF document text
  • http://trinketsltd.com/linda/PsPnQsdfz12790470iYbf.pdfIn PDF document text
  • http://healthlink.org.au/educationlevel/dQrQxi15592061c.pdfIn PDF document text
  • http://www.north-star-lofts.com/about/vuatYeGxYYeeJxaGlvlrnoxGaJoJtu14637441vht.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/dkhvfmlxmzivvJ16203824ux.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/wccfbar_JzYm_bdcfrenctnz16204559oP.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/hkeJosrr_eok_zQQxlxrJ_Pbb16236600osQx.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/xkQiiGluoo16203989zk.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/zhtiuvPQlQoddtsz16204054Yz.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/wdYvnceYh16204676nle.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/_xaJiYfuixzwmitesxtJwY16204196zmG.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/dxdGdtJcJccin_YkJGishdsikafc16236525hot.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/mmnQ16236636lQk.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/QflvQzrxJzehoYwvPv__QvQ_bnzk16236402uac.pdfIn PDF document text
  • http://dubaipropertyrentals.net/perhapsactual/momentfield.php/v_dwGJfdJawxlhrdbhbYQr_J16204490J_s.pdfIn PDF document text

  +96 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.