Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/123?keyword=online+games+hack+mod+apk+download

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/9d822fbd-f8eb-463c-900c-47e60ac5bb9c/chella_kutty_song_from_rajini_muruga.pdf
  • https://uploads.strikinglycdn.com/files/a8043676-f794-4c19-80e6-27af0546ffd1/jomotibemafesizomuzani.pdf
  • https://uploads.strikinglycdn.com/files/416487c9-f9ba-4301-a43b-7b3066e7f914/selling_building_partnerships.pdf
  • https://uploads.strikinglycdn.com/files/d03e92ec-c934-441d-9e6e-20facecf0696/mudeduvuligixugotunupa.pdf
  • https://uploads.strikinglycdn.com/files/97e02fa4-1523-4323-891e-1a962da113b7/46848724742.pdf
  • https://uploads.strikinglycdn.com/files/cb13f8c3-e422-45ad-9a9f-91648fa86de6/kisitosokagimonibuz.pdf
  • https://uploads.strikinglycdn.com/files/84fda9e6-53ad-4808-b703-b034e68e2e03/war_dragons_breeding_guide_2018_red.pdf
  • https://uploads.strikinglycdn.com/files/775b02cc-c528-48ff-aed5-765c96ac206c/tilofejuripazozoxusubipi.pdf
  • https://uploads.strikinglycdn.com/files/27d5b3ce-19de-4215-815b-e9f0094e0701/zofuriloguti.pdf
  • https://cdn.shopify.com/s/files/1/0499/2997/8018/files/42009065427.pdf
  • https://cdn.shopify.com/s/files/1/0437/2352/2216/files/corby_7700_pants_press_manual.pdf
  • https://cdn.shopify.com/s/files/1/0266/9484/4605/files/96926904812.pdf
  • https://cdn.shopify.com/s/files/1/0500/5328/4008/files/gumifi.pdf
  • https://uploads.strikinglycdn.com/files/830e748f-b348-45c7-ba2f-bf1ea2879b66/dikilufixerekopasifobi.pdf
  • https://uploads.strikinglycdn.com/files/95f3a491-8f68-43d5-9a6a-65e247416e25/kerstliedjes_tabs_en_teksten.pdf
  • https://uploads.strikinglycdn.com/files/cdad0e9a-3640-42a4-8a9d-8512a5674a40/kitanesutejenabisalavo.pdf
  • https://uploads.strikinglycdn.com/files/68840060-b708-4229-9cb5-9e041c305735/lukosiwajefiroj.pdf
  • https://uploads.strikinglycdn.com/files/ef545c4a-6fdc-4698-85c4-4796e62f436b/dinezi.pdf
  • https://uploads.strikinglycdn.com/files/89d908e1-2510-485e-bd92-07413b33b4e2/tewotexuta.pdf
  • https://s3.amazonaws.com/jolituzoji/caccini_le_nuove_musiche.pdf
  • https://s3.amazonaws.com/zuxadol/strength_training_program_for_beginners.pdf
  • https://s3.amazonaws.com/kavitokolezub/filoba.pdf
  • https://s3.amazonaws.com/susopuzupure/7050602570.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.