Malware Insights
The PDF document contains a large number of external links to other PDF files hosted on various domains, indicating a link farm or SEO spamming operation. The primary URL points to a page with the title 'Lecciones biblicas para niños de 9 a 12 años', suggesting a lure to attract users. The heuristic 'PDF_SEO_LINK_FARM' confirms the presence of 30 such links, with 'luxuryprintsllc.com' being a dominant host. No scripts were extracted, and the document body is heavily obfuscated, but the overall pattern suggests a malicious intent to drive traffic or potentially host further malicious content.
Heuristics 3
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://74-123-72-68.mgwnet.com/uploads/1/3/1/0/131070375/131070375.html#lecciones+biblicas+para+ni%C3%B1os+de+9+a+12+a%C3%B1os
- http://luxuryprintsllc.com/uploads/1/3/0/6/130640145/0386762e.pdf
- http://legal-atlas.info/uploads/1/3/0/3/130323612/7ec4bdf9785f112.pdf
- http://www.shelleycorr.com/uploads/1/3/0/6/130604500/61e8ee.pdf
- http://webdisk.legendarystrengthgym.com/uploads/1/3/0/4/130477026/aabdf.pdf
- http://helioxcapital.com/uploads/1/3/0/5/130543979/fuxib-dujodowimixin.pdf
- http://myonebighappyphotography.com/uploads/1/3/0/3/130323526/6846328.pdf
- http://bibleworld.us/uploads/1/3/0/8/130814666/namawazetig.pdf
- http://220-servint.peersnetwork.org/uploads/1/3/0/6/130620923/koxezeriroruwitife.pdf
- http://movethissite777.com/uploads/1/3/0/6/130621083/251fc77a.pdf
- http://regos.info/uploads/1/3/0/9/130969339/971760.pdf
- http://bequialandandhome.net/uploads/1/3/0/7/130776649/3645796.pdf
- http://makeupandhairbyrenee.org/uploads/1/3/0/7/130739625/vijekuxosobebipesij.pdf
- http://slmgrp.com/uploads/1/3/0/3/130379232/a14d623357.pdf
- http://rioverdeconstruction.com/uploads/1/3/0/2/130271030/kutugi.pdf
- http://littlesweetlove.com/uploads/1/3/0/5/130590582/4625121.pdf
- http://mta-sts.secondtonunframery.org/uploads/1/3/1/0/131069910/kexulofeva.pdf
- http://thecrossoverstocktie.com/uploads/1/3/0/6/130640040/mugoma-rukipefiji-wilepugodi-madolufebud.pdf
- http://mondodeldrone.com/uploads/1/3/0/4/130476034/e5047d958f6.pdf
- http://dietcenterconway.com/uploads/1/3/0/6/130620232/dagiwamew.pdf
- http://jeanmichelrabate.org/uploads/1/3/0/6/130621196/xukogajisujiwi.pdf
- http://leadcorpus.com/uploads/1/3/0/2/130291531/kupijaliludigo-seruberelumedu-rinivunujutef-wemelalav.pdf
- http://www.totallyquilts.com/uploads/1/3/0/7/130775743/985445.pdf
- http://angelabusiness.com/uploads/1/3/0/6/130604716/8406710.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008efb.bina9ca21c75fb9f11199dc42341a3f06b54ecee8f81a3be645f581cf5ee175c568 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8EFB | 9592 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.