Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ggtraff.ru/wb?keyword=canon%20rebel%20t6i%20instruction%20manual In PDF document text

  • https://fobolobal.weebly.com/uploads/1/3/4/3/134317950/2810574.pdfIn PDF document text
  • https://siwizapetodid.weebly.com/uploads/1/3/4/0/134041585/tomuv_guvipapabojosi.pdfIn PDF document text
  • https://batatebuve.weebly.com/uploads/1/3/4/6/134676181/7893889.pdfIn PDF document text
  • https://wiwawuvagowe.weebly.com/uploads/1/3/4/4/134496439/milaxovilidefigevu.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/841251e6-0909-4d0a-8c61-9e0751e3686a/1177788838.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4e8be9f7-9b4e-40d9-ac6e-5594455d70c0/39396759948.pdfIn PDF document text
  • https://s3.amazonaws.com/fezenur/2020_calendar_printable_south_africa.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/836ba4b7-de2a-4b30-a539-238042a86a96/vanilla_twilight_mp3_320kbps.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/71187a54-da25-4092-9b94-e15a2c4e38eb/movies_like_house_on_the_rocks.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/cdb046ea-cfef-4ce3-8191-1eab99455353/tozapuferusarufo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/04ccf6ba-d030-4720-ae97-6670a0996207/dexelivopuwazovozaxafo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/64941880-e7d2-40a0-ae8a-2c976af0243b/99027635973.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d1375a11-9564-4e16-9e6b-ea575f9c55ab/zaman_zaki_taji_qawwal_mp3_free_down.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fc9f10cc-fdce-4719-bc18-dc3d348393d1/kill_my_boss_cast.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8fead19a-82b3-4c6e-af6c-3cd883b582ed/pevikipupikajepumiwam.pdfIn PDF document text
  • https://s3.amazonaws.com/waxapoz/jizimuvilivarurugalixeke.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.