Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ggtraff.ru/123?keyword=extractables+and+leachables+fda+guidelines

  • https://liwobolavus.weebly.com/uploads/1/3/4/1/134131542/kutumoxileliwadig.pdf
  • https://sabijodamibig.weebly.com/uploads/1/3/0/7/130775907/tipada_lorewiwutewuren.pdf
  • https://sijevunima.weebly.com/uploads/1/3/1/8/131859613/jududuxokukas-povavaxexadiliv-fiwokevewa-sovetago.pdf
  • https://cdn-cms.f-static.net/uploads/4369928/normal_5f88ab02b132d.pdf
  • https://cdn-cms.f-static.net/uploads/4369522/normal_5f8bf7dc4e397.pdf
  • https://cdn-cms.f-static.net/uploads/4379606/normal_5f94d1f9c4f07.pdf
  • https://cdn-cms.f-static.net/uploads/4370780/normal_5f90ba6813ede.pdf
  • https://cdn-cms.f-static.net/uploads/4377410/normal_5f90d614bf667.pdf
  • https://cdn-cms.f-static.net/uploads/4369518/normal_5f87e0c232cfc.pdf
  • https://cdn-cms.f-static.net/uploads/4393762/normal_5f93b1fcb7dec.pdf
  • https://cdn-cms.f-static.net/uploads/4369933/normal_5f8c7851eba08.pdf
  • https://cdn-cms.f-static.net/uploads/4393193/normal_5f91e3dd9f309.pdf
  • https://cdn-cms.f-static.net/uploads/4375351/normal_5f89980ef2ac7.pdf
  • https://cdn-cms.f-static.net/uploads/4380680/normal_5f91f8c7ac0ce.pdf
  • https://cdn-cms.f-static.net/uploads/4376612/normal_5f9123d2d8f13.pdf
  • https://cdn-cms.f-static.net/uploads/4368756/normal_5f8d31aa3f8be.pdf
  • https://cdn-cms.f-static.net/uploads/4365636/normal_5f88ae683e36a.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0432/9383/5432/files/audi_a4_allroad_2020_owners_manual.pdf
  • https://cdn.shopify.com/s/files/1/0468/8320/9373/files/7219740233.pdf
  • https://cdn.shopify.com/s/files/1/0484/7730/7042/files/sotunipojofabusopuluk.pdf
  • https://cdn.shopify.com/s/files/1/0479/9433/9481/files/escape_to_chateau_series_3.pdf
  • https://cdn.shopify.com/s/files/1/0495/9889/0147/files/34582249136.pdf
  • https://cdn.shopify.com/s/files/1/0439/2203/0760/files/liga_cesar_chavez_santa_rosa_ca_2019.pdf
  • https://cdn.shopify.com/s/files/1/0505/5335/6485/files/analytical_chemistry_class_10_icse_notes.pdf
  • https://cdn.shopify.com/s/files/1/0428/9737/5388/files/god_made_me_worksheet.pdf
  • https://cdn.shopify.com/s/files/1/0431/3881/0023/files/zer0_skill_tree.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.