Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/strik?keyword=pokemon+revolution+online+spawn+guide

  • https://pibefabetanob.weebly.com/uploads/1/3/4/3/134376782/doripexuzezizu.pdf
  • https://cdn-cms.f-static.net/uploads/4376599/normal_5f963f053a08f.pdf
  • https://pasutexovemas.weebly.com/uploads/1/3/0/9/130969198/vuxafozovukufafomo.pdf
  • https://cdn-cms.f-static.net/uploads/4375514/normal_5f8aa7eb01e66.pdf
  • https://luwobidope.weebly.com/uploads/1/3/0/8/130814225/xixut_rejunogu_megip.pdf
  • https://segakimorepej.weebly.com/uploads/1/3/0/7/130738797/6bca93a01d.pdf
  • https://sijevunima.weebly.com/uploads/1/3/1/8/131859613/lidizes.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/gixawetopoli/soccer_goalie_pre_game_warm_up.pdf
  • https://s3.amazonaws.com/dozuga/chacun_sa_route_partition.pdf
  • https://s3.amazonaws.com/jazofi/icse_biology_book_class_11.pdf
  • https://uploads.strikinglycdn.com/files/3c59a4df-a82d-434f-8141-1cdec33123b3/vipubik.pdf
  • https://cdn.shopify.com/s/files/1/0504/4509/0985/files/normas_aduaneras_de_cuba.pdf
  • https://uploads.strikinglycdn.com/files/16c922db-7cde-4f6f-9157-d1ffc68fa5d9/pukisadigezupizeji.pdf
  • https://uploads.strikinglycdn.com/files/a6390552-3dc5-44ff-a4fd-5713a30b4c72/98348421042.pdf
  • https://uploads.strikinglycdn.com/files/c6b98c96-d2db-4478-8ddd-c6784be0fa85/nofuw.pdf
  • https://uploads.strikinglycdn.com/files/36276b3a-a576-49d1-b9e0-9d988b70359c/11941343282.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.