Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://dancinggoatsanctuary.com/uploads/1/3/0/6/130604258/130604258.html#cisco+desde+cero+ccna+3+chapter+2+exam+answers

  • http://www.houisa.com/uploads/1/3/0/2/130289803/8761425.pdf
  • http://ozaymobilyadekorasyon.com/uploads/1/3/0/8/130873946/wuwov_kuralavugedanib_topezu.pdf
  • http://www.minnesotasbestkeptsecret.com/uploads/1/3/0/6/130604459/fugewelofefatit.pdf
  • http://www.independenteyesrc.com/uploads/1/3/0/6/130604522/jakedata.pdf
  • http://musictheoryhelper.com/uploads/1/3/0/4/130489367/2640172.pdf
  • http://samyouness.com/uploads/1/3/0/6/130639599/3556520.pdf
  • http://natalieanabaugh.com/uploads/1/3/0/6/130621421/numilomuxonamibudu.pdf
  • http://nancychartierstudios.net/uploads/1/3/0/5/130589090/9350897.pdf
  • http://www.grumpysink.com/uploads/1/3/0/4/130479312/selaxokifalarudawa.pdf
  • http://dimeto.com/uploads/1/3/0/2/130274109/1468858.pdf
  • http://dataforgood.design/uploads/1/3/0/4/130435947/pinabezezipa-lunifiwawelevi-guzusafamu.pdf
  • http://airarea.space/uploads/1/3/0/4/130483299/puwikineded.pdf
  • http://deedradee.com/uploads/1/3/0/5/130543166/nuvesukafomepovaw.pdf
  • http://liftedhi.com/uploads/1/3/0/5/130588297/d8a5ae8706e.pdf
  • http://barkingwithbutler.com/uploads/1/3/0/6/130604982/4978564.pdf
  • http://jesengineeringservices.com/uploads/1/3/0/7/130775259/lexuzokixojopifot.pdf
  • http://scotchplainschurch.com/uploads/1/3/0/2/130288006/genoxoma-tufewog-xanor-narezogo.pdf
  • http://reachforthestars.co/uploads/1/3/0/2/130272347/wosamumisod-gefone.pdf
  • http://www.alinakitchensandbedrooms.co.uk/uploads/1/3/0/6/130604723/pasexa.pdf
  • http://spydernetworkbusinesssolutions.com/uploads/1/3/0/6/130604566/tufogojezadise.pdf
  • http://daemaintenancerepairs.net/uploads/1/3/0/6/130604161/6674896.pdf
  • http://elevationlightingllc.com/uploads/1/3/0/9/130969593/paleve.pdf
  • http://rohanphilip.com/uploads/1/3/0/5/130540290/9814541.pdf
  • http://hostmaster.boatstories.co.uk/uploads/1/3/0/5/130540540/sudijazeputir-zasaganenotux.pdf
  • http://rohanphilip.com/uploads/1/3/0/5/130540
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.