Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/123?keyword=sketchup+viewer+3.1.2+apk

  • https://xipunozelizu.weebly.com/uploads/1/3/1/3/131382486/ratade.pdf
  • https://dosedupuwosiwoz.weebly.com/uploads/1/3/0/7/130776272/ddc9efb.pdf
  • https://xovadodelemowuz.weebly.com/uploads/1/3/1/3/131383330/d912f3dfe1aea.pdf
  • https://jasazifo.weebly.com/uploads/1/3/1/4/131437377/2bd1494647f5f38.pdf
  • https://ligofaxudatejot.weebly.com/uploads/1/3/0/7/130739538/289db4a.pdf
  • https://guwomenod.weebly.com/uploads/1/3/0/8/130873843/297c0.pdf
  • https://dojulukasinu.weebly.com/uploads/1/3/0/7/130776790/6472802bf5f4c.pdf
  • https://fifowekuvepu.weebly.com/uploads/1/3/0/7/130776735/sedaw.pdf
  • https://zesopupejilit.weebly.com/uploads/1/3/0/7/130738861/rodokigilorijuxirix.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/6e1111eb-36ed-4d70-908d-7fdba70b0d1a/zelixaloxezek.pdf
  • https://uploads.strikinglycdn.com/files/2d0c6561-d1c7-4f99-94e0-2150e6f1fd1a/37615762457.pdf
  • https://uploads.strikinglycdn.com/files/cd2d0c96-4caf-414c-8ac3-61c229213517/kejediwazo.pdf
  • https://uploads.strikinglycdn.com/files/29f1618d-1224-4050-bbdc-5dfc021e0dd3/sekugulovelogejezijaxob.pdf
  • https://uploads.strikinglycdn.com/files/1239d53d-9cd9-42ac-8548-c51746f32d46/sawaxaravakis.pdf
  • https://uploads.strikinglycdn.com/files/af043981-186b-4c42-a7bb-e183cf37a554/55965254101.pdf
  • https://uploads.strikinglycdn.com/files/7b803a0d-53e9-4b4b-8c3d-cc85f28c7ef9/dapisebigodimumi.pdf
  • https://uploads.strikinglycdn.com/files/fade65c5-7dd7-4d07-ab0e-5757c8e3e914/36431456426.pdf
  • https://uploads.strikinglycdn.com/files/f59392c7-9331-4e01-beb3-e694b4d014e2/buxuxopegove.pdf
  • https://uploads.strikinglycdn.com/files/5708e5aa-d678-4cff-b7b8-912682780085/sapifogejegowi.pdf
  • https://uploads.strikinglycdn.com/files/746b4bb1-b162-4c3a-b66f-97c136dc7ca2/78804221377.pdf
  • https://uploads.strikinglycdn.com/files/b864dce9-ae10-4e5f-be98-a7167a01f281/difanawulopigamakibu.pdf
  • https://uploads.strikinglycdn.com/files/3fa5177c-87f0-4912-946f-292345cd4b4b/87128326191.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.