Malicious PDF — malware analysis report

Heuristics 6

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Remote-support tool lure high SE_REMOTE_SUPPORT_LURE
  Document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect — high-risk in an unsolicited document
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/123?utm_term=alternate+start+fallout+4

  • https://jozipomona.weebly.com/uploads/1/3/4/4/134479443/c2c77c7.pdf
  • https://buxiniti.weebly.com/uploads/1/3/4/3/134309366/2596952.pdf
  • https://dimaxafazeza.weebly.com/uploads/1/3/1/4/131453031/porukofosu.pdf
  • https://komanibinepo.weebly.com/uploads/1/3/4/5/134588578/d3949c294e7209.pdf
  • https://zofomuwane.weebly.com/uploads/1/3/4/0/134040850/rugazokapano.pdf
  • https://wojeribexojuxu.weebly.com/uploads/1/3/1/8/131856158/e354a7809599.pdf
  • https://xesaranit.weebly.com/uploads/1/3/2/6/132696194/1256912.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/wixanarer/98567826582.pdf
  • https://s3.amazonaws.com/rixevozajixezos/super_mario_64_16_star_route.pdf
  • https://uploads.strikinglycdn.com/files/fe58b386-6ae8-402d-8d51-f0d07e07f60d/sivusutirofitij.pdf
  • https://s3.amazonaws.com/jedaxopopuko/vojoxobunejuxi.pdf
  • https://uploads.strikinglycdn.com/files/bfd3d309-47a2-45de-9c15-324a56a92637/lefapumesomo.pdf
  • https://s3.amazonaws.com/mubefula/arteria_cerebral_media.pdf
  • https://uploads.strikinglycdn.com/files/37484a16-5aa6-4f28-9fcc-ae3c887e3301/29570447089.pdf
  • https://uploads.strikinglycdn.com/files/8f4981fd-3bed-40cb-908a-af3a91572dc6/lerodewitilokego.pdf
  • https://uploads.strikinglycdn.com/files/7b8ef8b2-6aca-4d8f-9e03-786a3ccd9067/29184416261.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.