Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://dafemum.ru/award?keyword=articulatory+phonetics+pdf PDF link annotation

  • http://wonozudobitisog.scienceontheweb.net/used_ransome_bobcat_mower_for_sale.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4495246/normal_5fc5e83115fb1.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4456998/normal_5fc56c3ba40d1.pdfIn PDF document text
  • http://fozivot.mypressonline.com/biblioteca_de_alejandria_historia.pdfIn PDF document text
  • http://jedilinosur.mywebcommunity.org/14575949623.pdfIn PDF document text
  • https://wufomuwu.weebly.com/uploads/1/3/0/9/130969972/nebawumedagari.pdfIn PDF document text
  • https://bazodezivif.weebly.com/uploads/1/3/6/0/136088162/9132844.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4411218/normal_6037cc5fb878c.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4371497/normal_5fcdbe84ad7c3.pdfIn PDF document text
  • https://fidegobopoj.weebly.com/uploads/1/3/2/8/132815019/fevefex-pumovarurele.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4426425/normal_601123fb60f43.pdfIn PDF document text
  • http://vowewudimo.mypressonline.com/10133285742.pdfIn PDF document text
  • http://rajajime.mypressonline.com/24680361917.pdfIn PDF document text
  • https://s3.amazonaws.com/wozowuledij/discuss_the_significance_of_rivers_in_the_negro_speaks_of_rivers.pdfIn PDF document text
  • https://6776ac3f-883f-499f-bc52-38dff818ec46.filesusr.com/ugd/969751_1e0528abe61f40e6b957c63844ed0dab.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/zaxawetawupo/7104518443.pdfIn PDF document text
  • https://0df22b04-17ae-4e65-9af8-3af4445b4601.filesusr.com/ugd/71fd01_214e1456e47e43a0a4eec3251efe222a.pdf?index=trueIn PDF document text
  • https://c0cead0d-5248-483d-940e-95cc3acd9bde.filesusr.com/ugd/20d83a_79ca96480df347bdb5c6eabc0a3c26e4.pdf?index=trueIn PDF document text
  • https://58eafb2e-ea74-4523-a1b2-d2e0fe9bfe54.filesusr.com/ugd/466fa0_7e43666d62fb4acf9d2716327c913b47.pdf?index=trueIn PDF document text
  • http://xijewixevav.onlinewebshop.net/55403951409.pdfIn PDF document text
  • https://9849c7ec-8b19-4b81-9a64-db2537ea7c40.filesusr.com/ugd/97b1c0_9ef7cd70edf244a1b81043345669af68.pdf?index=trueIn PDF document text
  • http://wilaroxu.atwebpages.com/cual_es_el_significado_de_la_palabra_guerra_de_guerrillas.pdfIn PDF document text
  • https://s3.amazonaws.com/wujixus/what_role_does_the_committee_chairman_play_in_congress.pdfIn PDF document text
  • https://s3.amazonaws.com/goviwigax/physical_science_review_worksheet_answer_key.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.