Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=monect+pc+remote+apk+full+version

  • http://files.aramgershuni.com/uploads/1/3/0/7/130775888/peleronipegadaj.pdf
  • http://pinikok.kdmikulawineman.com/uploads/1/3/2/7/132712116/kewufaveniwo_bawemo_purelewup.pdf
  • http://kedobepu.kyrakalageorgi.com/uploads/1/3/0/8/130874001/cbc579.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://f58b1636-b62b-46db-9ae5-fde85910eb31.filesusr.com/ugd/cf79db_90606c3c99e14302bda1e1a14604ce60.pdf?index=true
  • https://037a14dc-e461-43f8-835b-36abfd726abb.filesusr.com/ugd/136d3d_2f3b044e099644b68bf9a82d1d3cd735.pdf?index=true
  • https://ffc62988-6def-41ed-9e56-8b26cc4a3500.filesusr.com/ugd/3225da_4c6fde3126bf45c6b3f17e3b18471d38.pdf?index=true
  • https://7572849f-0b9c-4d6b-9477-ecb8dbf987ac.filesusr.com/ugd/fbccce_19931bd3b04d4aa5a33780e9b598bce9.pdf?index=true
  • https://6914ad9b-f2c1-422e-b3f3-27e129b9110d.filesusr.com/ugd/e80f4c_8f35dca8abc5466fab66ecdef72a19b9.pdf?index=true
  • https://2254517f-fa41-49de-89fa-19ad71cef3f3.filesusr.com/ugd/e56fe2_0ee59ac1bf1e42a4a70315236f99d113.pdf?index=true
  • https://9e044329-c7b6-456d-8820-d64b6602320f.filesusr.com/ugd/a4ea6c_e02839bc41fc4034a66bd7875efc2457.pdf?index=true
  • https://fa1e87ef-895d-4f72-a877-2d42ed248dd5.filesusr.com/ugd/3eb4bd_4f820deccbd644f2a53786ee6977b245.pdf?index=true
  • https://0afb1720-550a-48d7-b33d-5a6d7f1cd87a.filesusr.com/ugd/daca0d_c53347344ddb4aba80f3ed43e74e639a.pdf?index=true
  • https://c6e7c526-0aa8-4b1d-9402-860c4d6d01c9.filesusr.com/ugd/f80014_c3940f05f42c4100b6f509e8dc770bae.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.