Malicious PDF — malware analysis report

Static analysis result for SHA-256 090c380fd021ee79…

Verdict: MALICIOUS
File type: PDF
Size: 40.7 KB
Created: 2020-09-17 13:33:49 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 44118af7d67c019e9d8b08f66922c5e6
SHA-1: cd92c315db65272c1972909c710926c9303c6566
SHA-256: 090c380fd021ee7912d6b9c7e0ca86a97cc71e7aae71e6b571705e7a8cd36d8a
Risk score: 154

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document contains a link to a redirector service that ultimately leads to a PDF file farm. The primary link, 'https://ttraff.link/wix?keyword=fhx+apk+free+download', suggests a lure for users searching for specific software. The extensive list of embedded PDF links indicates a strategy to distribute content or potentially malware through a link farm, leveraging SEO tactics. The ML classifier strongly flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • https://ttraff.link/wix?keyword=fhx+apk+free+download
    • http://wukojut.ncasemocha.com/uploads/1/3/1/6/131636766/ef77b275550.pdf
    • http://files.toricoryphotography.com/uploads/1/3/1/4/131438405/zasagod-lekakume-jetisenaton.pdf
    • http://ridebiw.biological-effects.com/uploads/1/3/1/4/131406069/bedulowe-kagakok-fasoxugemofilad.pdf
    • http://fuduj.viaserena.net/uploads/1/3/1/4/131408170/7195833.pdf
    • http://files.charisseabellana.com/uploads/1/3/2/7/132740723/lelib.pdf
    • http://divok.bsajhmi.org/uploads/1/3/2/3/132303219/685796.pdf
    • http://nipomoti.aldabragallery.com/uploads/1/3/1/3/131383483/xelik.pdf
    • http://files.myjlstyle.com/uploads/1/3/0/8/130874031/ritom_pukeziwit.pdf
    • http://luzuj.manawatugymsports.com/uploads/1/3/0/7/130775364/f0789abd8cbae5.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://1b9f2e2c-9de7-45b9-89d3-ebb3f2e97c10.filesusr.com/ugd/7d1dc9_583cb91f0e1d4fe88c0b24d67e3e4fad.pdf?index=true
    • https://2670e51c-0cc4-4e47-a0cb-08ff5e696fe4.filesusr.com/ugd/120874_c849aaaafe724f13be0703563433d4d3.pdf?index=true
    • https://65983c07-028c-4008-aee3-58d6ad237b14.filesusr.com/ugd/1b6cec_c9e996ae701649638a7af27eca6f2410.pdf?index=true
    • https://99860ae9-2a0f-469e-9722-4b655a71f8f7.filesusr.com/ugd/38062a_e730ae9558ac47e18abb28ad9803208f.pdf?index=true
    • https://ac955ef9-cab2-4da3-959f-7b7380aca02d.filesusr.com/ugd/8acad3_a20886eff46043638b955febe92548fd.pdf?index=true
    • https://b1d8dc2f-f328-4d7b-88ea-67cd2522a4e7.filesusr.com/ugd/4cf28d_6e36bb514a9048cd89ccf4ba0cd14863.pdf?index=true
    • https://177f5528-61dd-4818-a8df-786108ed64c2.filesusr.com/ugd/599f1c_adf45a60b69a48f3b3a14c0b6aa645d6.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename / Kind / Source / Size

  • font_00_sfnt_off000060eb.bin
    SHA-256: af9ccec0eeb13c868497a1d8c06d69d8c8d60580139eed203e8546f8ec2ba8b7
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x60EB
    Size: 5132 bytes
  • font_01_sfnt_off00007277.bin
    SHA-256: 9ecf10bf877c1afc004adb282a88aed6c0f4c46f7cd3f9272c9bdae71ab83c2e
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x7277
    Size: 10384 bytes