Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/strik?keyword=madison+streets+recycling

  • https://cdn-cms.f-static.net/uploads/4369160/normal_5f89413fe161e.pdf
  • https://cdn-cms.f-static.net/uploads/4367313/normal_5f8819dededa9.pdf
  • https://cdn-cms.f-static.net/uploads/4368466/normal_5f8d1125399f6.pdf
  • https://cdn-cms.f-static.net/uploads/4369491/normal_5f8d442d75e16.pdf
  • https://cdn-cms.f-static.net/uploads/4366647/normal_5f886405e7469.pdf
  • https://cdn-cms.f-static.net/uploads/4374536/normal_5f8d53ad8e61f.pdf
  • https://cdn-cms.f-static.net/uploads/4371807/normal_5f898b27232e2.pdf
  • https://cdn-cms.f-static.net/uploads/4375075/normal_5f9056c119cdd.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/40bf6751-26f0-4268-956e-079b69adb955/53843159471.pdf
  • https://uploads.strikinglycdn.com/files/01b13f5d-c5c4-4c38-ad24-bb8082fac241/64093637459.pdf
  • https://uploads.strikinglycdn.com/files/65619ed6-50e2-4073-a153-1f0ee96c76d3/43552078499.pdf
  • https://uploads.strikinglycdn.com/files/c5b81d7b-caf3-4a9a-8deb-f976c10d8b69/wezabeme.pdf
  • https://uploads.strikinglycdn.com/files/424c86b5-e920-4959-87cd-64021c4331d3/votatudisezekenowovifo.pdf
  • https://cdn.shopify.com/s/files/1/0434/2536/6165/files/27986659297.pdf
  • https://cdn.shopify.com/s/files/1/0492/0587/0758/files/politica_de_almacenamiento_externo_android_4.4.pdf
  • https://cdn.shopify.com/s/files/1/0437/8047/2984/files/52838965336.pdf
  • https://cdn.shopify.com/s/files/1/0485/3632/2203/files/download_fieldrunners_1_for_android.pdf
  • https://uploads.strikinglycdn.com/files/b0d55fc6-6290-49dd-b6b4-6300b16b8133/rigig.pdf
  • https://uploads.strikinglycdn.com/files/564bf4f0-d617-4119-8406-ce466fa91b14/91760380808.pdf
  • https://uploads.strikinglycdn.com/files/78b7e2ad-c72d-4e48-9844-e38073f11f92/38570340344.pdf
  • https://uploads.strikinglycdn.com/files/6a903330-7182-4bf0-aaa2-409c36864458/21199681214.pdf
  • https://uploads.strikinglycdn.com/files/9b4ba640-9d78-4ddd-b933-eced70e15b37/doforivoregow.pdf
  • https://cdn.shopify.com/s/files/1/0438/2910/0701/files/nebraska_soccer_league_field_status.pdf
  • https://cdn.shopify.com/s/files/1/0496/2238/4793/files/american_express_merchant_financing.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.