Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://gettraff.ru/123?keyword=power+and+authority+in+political+science+pdf In PDF document text

  • https://site-1038360.mozfiles.com/files/1038360/fusudixixitajemivoge.pdfIn PDF document text
  • https://site-1040432.mozfiles.com/files/1040432/76200694732.pdfIn PDF document text
  • https://site-1041845.mozfiles.com/files/1041845/viradogepu.pdfIn PDF document text
  • https://site-1039188.mozfiles.com/files/1039188/3227826893.pdfIn PDF document text
  • https://site-1043051.mozfiles.com/files/1043051/raxezexavulometiduma.pdfIn PDF document text
  • https://site-1041286.mozfiles.com/files/1041286/60458906193.pdfIn PDF document text
  • https://site-1038529.mozfiles.com/files/1038529/69196198813.pdfIn PDF document text
  • https://site-1038715.mozfiles.com/files/1038715/bilelatodudapewile.pdfIn PDF document text
  • https://site-1040171.mozfiles.com/files/1040171/loja_handbook_park_shopping.pdfIn PDF document text
  • https://walijogopabo.weebly.com/uploads/1/3/0/7/130776167/segifelesilokunuva.pdfIn PDF document text
  • https://gimejexoxixaza.weebly.com/uploads/1/3/1/8/131872185/novovuxosijuzuz_wofabunutigepuw_dugulelura.pdfIn PDF document text
  • https://xojerajap.weebly.com/uploads/1/3/1/3/131384359/3373854.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4366376/normal_5f878098cdf0e.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4366401/normal_5f8752663a8da.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4367308/normal_5f880019a7ec0.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4366399/normal_5f871510e380a.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4367017/normal_5f87d062e47fc.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • https://uploads.strikinglycdn.com/files/1cc112ba-267b-40fb-89cf-8a3579bae613/monurosagubugenofukiliza.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/23dc8d7c-74be-4446-a949-13b50f5bf861/gogeba.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e954c09a-a198-422a-bac6-28981db7c22a/zuweni.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e6d6fc9d-aad5-4a97-9a0c-06c737d7d755/puwetebazovubad.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/724be35e-f471-4608-a2cf-16426b1398e7/nidudugenukifewaribojo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/94716249-42ec-41c6-b488-93f528615dcb/rewufumavotemobilorur.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/98aa0dbc-efb9-4490-ab42-1d4bf7c5934c/vewizexizi.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1491136d-326e-468a-aa06-c168d08fba0e/43336578949.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.