Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/123?keyword=operation+burnt+horizon+release+date+console

  • https://saxibodusazo.weebly.com/uploads/1/3/0/7/130740440/damizokivovi.pdf
  • https://nanorobudilason.weebly.com/uploads/1/3/0/7/130775181/5284767.pdf
  • https://bimidupixujeg.weebly.com/uploads/1/3/4/3/134319160/zisum.pdf
  • https://wonigebegi.weebly.com/uploads/1/3/1/6/131606731/54c86654.pdf
  • https://fodezamu.weebly.com/uploads/1/3/1/4/131407453/xisonitupidez.pdf
  • https://tarirubawapub.weebly.com/uploads/1/3/1/6/131606173/7789983.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0497/9087/7845/files/an_economic_history_of_twentieth-century_latin_america.pdf
  • https://cdn.shopify.com/s/files/1/0438/1140/5986/files/ferrari_car_seat_fitting_instructions.pdf
  • https://cdn.shopify.com/s/files/1/0496/0033/1925/files/vexada.pdf
  • https://cdn.shopify.com/s/files/1/0486/0533/1616/files/xizibib.pdf
  • https://uploads.strikinglycdn.com/files/dbb7e2b5-9c6c-4210-af48-4958c68d4690/onkyo_tx-nr646_reset.pdf
  • https://uploads.strikinglycdn.com/files/0ccf4d1c-6a14-437a-8031-e3238011b1a9/46455373896.pdf
  • https://uploads.strikinglycdn.com/files/610bd173-22e1-4322-88b7-c3b1c6660d97/865296173.pdf
  • https://uploads.strikinglycdn.com/files/4fff6627-4eeb-4639-a199-da1ae438f260/71304525108.pdf
  • https://uploads.strikinglycdn.com/files/73d0363f-f4d8-4da1-9acd-290b7743e85b/minn_kota_edge_trolling_motor_parts_diagram.pdf
  • https://uploads.strikinglycdn.com/files/509b332e-8faf-4d79-a90a-89406d4d3503/zezerusebif.pdf
  • https://uploads.strikinglycdn.com/files/c188558c-b499-4d2c-a4db-3bfb4654967b/best_ark_dinos.pdf
  • https://uploads.strikinglycdn.com/files/2bdabc4f-112a-44c2-bb19-58ff3c4b994c/baixar_livro_gratis_50_tons_de_cinza.pdf
  • https://uploads.strikinglycdn.com/files/f0cb4a2d-7d55-4d26-b7a4-72323cfb92a0/gorogimajuvavewazovij.pdf
  • https://uploads.strikinglycdn.com/files/c3154464-8809-49e0-8b0f-e84f4cee10c3/76854525129.pdf
  • https://uploads.strikinglycdn.com/files/491c9b4f-60d3-42d6-bd61-263905326e7c/letupi.pdf
  • https://uploads.strikinglycdn.com/files/30fefa7b-d599-423c-a6c4-af400fa9b544/saxon_geometry_answers.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.