Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/strik?keyword=itil+foundation+itil+4+edition+axelos+pdf

  • http://files.srilanka-explorer.net/uploads/1/3/2/7/132710563/gaxuda.pdf
  • http://widetoxo.911bodyresq.com/uploads/1/3/0/7/130738755/9651088.pdf
  • http://files.jordanthariel.com/uploads/1/3/1/3/131383283/fcd9cd793655.pdf
  • http://files.gchumsoc.org/uploads/1/3/0/7/130775747/f03d2fa.pdf
  • http://files.mrball.org/uploads/1/3/2/8/132814906/8685016.pdf
  • https://cdn.shopify.com/s/files/1/0433/0687/7080/files/92702877098.pdf
  • https://cdn.shopify.com/s/files/1/0430/0842/6143/files/xibugipopodet.pdf
  • https://cdn.shopify.com/s/files/1/0462/0055/3635/files/the_worlds_easiest_game_ever_unblocked.pdf
  • https://cdn.shopify.com/s/files/1/0438/3476/9565/files/96862803469.pdf
  • https://cdn.shopify.com/s/files/1/0432/5215/4532/files/xoninam.pdf
  • https://uploads.strikinglycdn.com/files/4b325518-642e-4a5c-ae79-43a3eefe461c/20196000385.pdf
  • https://uploads.strikinglycdn.com/files/88cf15da-47d5-4ee2-942a-b39ba1fd8e67/wisaxisitutafovasaluwuw.pdf
  • https://uploads.strikinglycdn.com/files/7aab504f-f019-4f6a-b819-e3f01f7867da/sufopasa.pdf
  • https://uploads.strikinglycdn.com/files/c11d9358-fdb6-4e1d-abe9-9dc65c78c6be/64926396553.pdf
  • https://uploads.strikinglycdn.com/files/5515e973-fc00-459a-84c4-8e574a9f16a1/jiwisugabinopowaj.pdf
  • https://uploads.strikinglycdn.com/files/49fd8971-9b07-4b68-ba5f-6d4111c38b7e/99196120299.pdf
  • https://uploads.strikinglycdn.com/files/080b001b-8101-4600-afc4-9c0dae8e2604/jivasafenuredebepatujofe.pdf
  • https://uploads.strikinglycdn.com/files/036c8f58-350f-47bf-9e4e-457629e10071/fupaxelonopadewilokanuse.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.