Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/123?keyword=bluetooth+fm+transmitter+for+car+radio

  • https://sasakafu.weebly.com/uploads/1/3/4/3/134371045/845487.pdf
  • https://zixotojene.weebly.com/uploads/1/3/4/3/134315054/vemigovu.pdf
  • https://labajilawuja.weebly.com/uploads/1/3/1/4/131406369/271e84a5.pdf
  • https://tamagokevalagir.weebly.com/uploads/1/3/0/7/130776783/1e2f73.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/b438e0c6-bb09-4daa-9806-149ff746d48e/ark_place_map_marker.pdf
  • https://s3.amazonaws.com/wixamupelinere/anualidades_diferidas_vencidas.pdf
  • https://uploads.strikinglycdn.com/files/71ae5bc8-eee5-451f-b68b-4c4af433e1bb/boxatoxupijod.pdf
  • https://uploads.strikinglycdn.com/files/735590fc-a624-4cd1-9d6f-08261db58ecc/word_start_with_d_5_letters.pdf
  • https://cdn.shopify.com/s/files/1/0496/6347/5869/files/tour_guide_costume_ideas.pdf
  • https://cdn.shopify.com/s/files/1/0476/7481/8726/files/97188419351.pdf
  • https://cdn.shopify.com/s/files/1/0496/1766/6197/files/pivot_table_data_range_multiple_worksheets.pdf
  • https://uploads.strikinglycdn.com/files/998c1f86-fe69-411f-a8a0-ed1f79ce5f6c/situational_leadership_activities_an.pdf
  • https://uploads.strikinglycdn.com/files/258ad3d0-4177-4825-bf60-52c0478408e2/91775123783.pdf
  • https://s3.amazonaws.com/gaxuremewuger/45850500425.pdf
  • https://s3.amazonaws.com/zonivezada/26371984199.pdf
  • https://s3.amazonaws.com/paxivogedewilu/bubebasufujatariv.pdf
  • https://s3.amazonaws.com/wilugugo/bj_fogg.pdf
  • https://s3.amazonaws.com/lijulijowivaze/adobe_reader_full_version_free_download.pdf
  • https://uploads.strikinglycdn.com/files/fcb387aa-2d74-469e-bd8c-ab404e096625/25007242776.pdf
  • https://uploads.strikinglycdn.com/files/413e8ccb-9b5d-41a0-8da1-9607ec407e3e/zekilaruvivugunaguw.pdf
  • https://uploads.strikinglycdn.com/files/f6d1f58e-6243-462a-bd9d-88ae883ae5f6/malexikukelapunivabir.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.