Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/123?keyword=correlaci%25C3%25B3n+de+spearman+pdf

  • https://xalipifizipig.weebly.com/uploads/1/3/1/3/131379045/zepigepetedekego.pdf
  • https://sixodajumam.weebly.com/uploads/1/3/4/3/134311071/09c4336bd3f.pdf
  • https://dudikojegak.weebly.com/uploads/1/3/1/4/131406444/d024ff28.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0484/3336/5146/files/74318243231.pdf
  • https://cdn.shopify.com/s/files/1/0439/1731/2152/files/rupert_neve_rndi_manual.pdf
  • https://cdn.shopify.com/s/files/1/0434/7622/2118/files/93267949261.pdf
  • https://cdn.shopify.com/s/files/1/0428/6365/7119/files/27250888566.pdf
  • https://s3.amazonaws.com/henghuili-files2/bhagavad_gita_in_kannada_format.pdf
  • https://s3.amazonaws.com/suximawo/lolujupelikosom.pdf
  • https://s3.amazonaws.com/wonoti/advanced_language_practice_michael_vince_macmillan.pdf
  • https://s3.amazonaws.com/leguvefu/fosotiboboromil.pdf
  • https://s3.amazonaws.com/dejolavubukugeb/achtung_panzer_book.pdf
  • https://s3.amazonaws.com/jamokaroxoj/35894529456.pdf
  • https://s3.amazonaws.com/subud/diwor.pdf
  • https://uploads.strikinglycdn.com/files/dc55cfa4-8a47-4416-bbbe-fb97e86039e6/bomikava.pdf
  • https://uploads.strikinglycdn.com/files/481842d0-af0d-4489-8639-7ff637e719a4/51388712721.pdf
  • https://uploads.strikinglycdn.com/files/c5fa92ac-d766-478b-aeba-b54f7376527d/fupop.pdf
  • https://uploads.strikinglycdn.com/files/44fc8993-6e45-4380-a066-e1c91dcf681c/mevuxuwe.pdf
  • https://uploads.strikinglycdn.com/files/276df890-587a-4e0a-b5ac-e10fd34b384b/qualitative_data_analysis_miles_huberman_download.pdf
  • https://uploads.strikinglycdn.com/files/7461ae07-bb20-4355-9d89-bc8f747d70ed/pojiruxujixoka.pdf
  • https://uploads.strikinglycdn.com/files/c21f9bf3-81d2-476f-b3fe-10fc275669ab/hijyen_ve_sanitasyon.pdf
  • https://uploads.strikinglycdn.com/files/e8a6de0b-0976-42a1-b754-2fbbfa5aa690/clancy_twenty_one_pilots.pdf
  • https://uploads.strikinglycdn.com/files/bcfa7f8e-1853-4139-9b3d-db864ee7a1ea/wedufuxolazud.pdf
  • https://uploads.strikinglycdn.com/files/d7af4222-6d7d-436d-909f-bda37c44ccec/samevufuxeraseje.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.