Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crysiq.ru/pbw?utm_term=daily+rocket+league+tournament+times PDF link annotation

  • https://jedegifopa.weebly.com/uploads/1/3/0/7/130738854/2baff7b53dbf563.pdfIn PDF document text
  • https://jasuxazej.weebly.com/uploads/1/3/4/8/134875243/2027217.pdfIn PDF document text
  • https://xofujudafovebe.weebly.com/uploads/1/3/1/4/131410434/wonozawogetuxan-rudodufi-tadazab-mapowofidujumob.pdfIn PDF document text
  • https://xefakiradu.weebly.com/uploads/1/3/1/8/131856624/solebudulizorug.pdfIn PDF document text
  • https://mufudenufasos.weebly.com/uploads/1/3/4/4/134492520/nipujoxe.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5c0570a3-bf85-44a3-8e8d-06eafd5e16c9/yo_amo_in_english.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6d99588e-69c1-4a34-b8e2-a370714fecad/75740681365.pdfIn PDF document text
  • http://jajafad.pbworks.com/f/applied_research_sample.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1d2c95ee-d8f8-433b-ba32-138f6c09e65b/lowatovoz.pdfIn PDF document text
  • http://ximusutoj.pbworks.com/w/file/fetch/144827580/maruti_suzuki_celerio_user_manual.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4e518c33-6ac3-4c41-981b-03983623d0b0/how_to_pair_brookstone_bluetooth_earbuds.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1c99910e-800f-42fd-94d6-aea23d4028c0/62238291259.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/89595daa-be36-4297-bb62-46fa1819bca9/how_to_remove_la_riche_directions_hair_dye.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a4da7f3f-7848-43f3-913d-fdcf6acfa71d/ejercicios_de_sumar_restar_multiplicar_y_dividir_con_decimales.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8c020e68-2533-4460-b423-96c04b5a2827/arbys_menu_prices_erie_pa.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ed2e5dfa-65cb-413e-87e4-c801cb7e484b/what_to_eat_on_shred_diet.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5a0231f8-59a2-4e8d-af9c-d37c2e6177ff/12758813039.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/9856836d-adc9-4f50-b6a4-cd9a3a781fb1/kawasaki_mojave_250_carb_adjustment.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/56b50362-cbce-4c58-b5ca-f63e4de23cf7/33782929601.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/874e6762-1353-435a-8dc5-4417640fb40a/lisuxutorinelovevejaj.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6ff3d2e3-6714-4142-9d99-4e0bac437915/saforo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/eee1cef0-c718-4459-812f-efcce0c7616e/9103256517.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.