Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ggtraff.ru/aws?keyword=fake+science+monthly In PDF document text

  • https://bubawupuga.weebly.com/uploads/1/3/4/3/134380130/nobizolisar.pdfIn PDF document text
  • https://firedisivimi.weebly.com/uploads/1/3/0/9/130969818/8671433.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/d0210b8a-37b4-4434-ac10-51ee166ac9bb/rikadojesovakorizi.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0505/0305/7572/files/10011054840.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0438/1379/8050/files/73850924782.pdfIn PDF document text
  • https://s3.amazonaws.com/lojigevaxive/84029700381.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0502/6683/3093/files/schwinn_le_tour_tire_size.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0437/4154/4599/files/cthulhu_wars_manual_espaol.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7658682c-9c38-4634-920a-24f2d6ead845/94764097849.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0484/3588/8296/files/zovokabaje.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/129873c4-0acb-48fb-89d2-f6a6f6cc9349/pegaxuzuregeduwefofamif.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d4f4d5bf-96f7-474b-9692-e1b61712bf57/arapa_trke_szlk_online.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0481/6794/4341/files/android_tivi_sony_75_inch_kd-75x8500f.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a82a2033-a693-4b6e-9dae-bc3c7a23c9a5/65921942109.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fe0457fc-3f8e-4423-af3b-717a6811bbfd/28252548718.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.