Malicious PDF — malware analysis report

Static analysis result for SHA-256 6b143b5bdb76851e…

MALICIOUS

PDF

Size: 43.8 KB
Created: 2020-10-28 11:41:29 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 15713684644d163b453f18058a2fae50
SHA-1: 5e6d2acdc90396a38a6564cabbe352a78f80c0e0
SHA-256: 6b143b5bdb76851e94a7514746b8ecb17a1e6eea465c44d1de7dadfd7c133e32
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF carries a large number of clickable link annotations. Most point to other PDFs hosted on free site builders and object storage (weebly.com subdomains, uploads.strikinglycdn.com, s3.amazonaws.com), the link-farm pattern used to route users into redirect chains, and one points to a redirector: https://gettraff.ru/strik?keyword=bass+boat+shoes+vs+sperry. The ML classifier scored the file as malicious (1.0000), and the structure is consistent with a generated SEO carrier whose many seemingly benign links mask the redirector, rather than with a document that cites sources. As the heuristics below note, this class of document relies on a user clicking a link and on the resulting redirect chain, not on a PDF parser vulnerability.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure (critical) PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies (info) PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A reader that keeps the first definition and one that keeps the last will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content (JavaScript, launch or open actions, embedded files).
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://gettraff.ru/strik?keyword=bass+boat+shoes+vs+sperry (link annotation; the redirector flagged by PDF_MALICIOUS_REDIRECTOR_LINK)
    • https://sepikupi.weebly.com/uploads/1/3/0/7/130738949/5b9fb40.pdf
    • https://gijakumode.weebly.com/uploads/1/3/4/3/134306186/d4411f71aa.pdf
    • https://xavoxoxuda.weebly.com/uploads/1/3/1/3/131379246/1973593.pdf
    • https://nixejovebomir.weebly.com/uploads/1/3/1/3/131380485/3892482.pdf
    • https://kufazijofiw.weebly.com/uploads/1/3/0/7/130776126/jukevonanozuka_zonijivasetigo_gawutok.pdf
    • https://bejivuvepezera.weebly.com/uploads/1/3/4/4/134437422/2281e81d62b.pdf
    • https://dudikojegak.weebly.com/uploads/1/3/1/4/131406444/fovinulemutufejelawi.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/c68d464b-4bc6-430d-a829-b04a36577496/zikipekefadaki.pdf
    • https://s3.amazonaws.com/megelugik/31192636037.pdf
    • https://uploads.strikinglycdn.com/files/15e9bd65-c825-4d2a-ae0a-65316db39792/business_model_canvas.pdf
    • https://uploads.strikinglycdn.com/files/d4a79e1c-2578-47d7-8f7f-b448f6a6b373/zvox_av200_accuvoice_tv_speaker.pdf
    • https://uploads.strikinglycdn.com/files/d1afa4fb-428a-4128-8a31-dc30b7bf0cf3/21806760015.pdf
    • https://uploads.strikinglycdn.com/files/280c3e10-df35-41dc-a3c7-dc5f53940f2c/tupixotejasi.pdf
    • https://uploads.strikinglycdn.com/files/b45cb5a7-04ec-4672-9d23-85c280ea30ce/33052662884.pdf
    • https://uploads.strikinglycdn.com/files/eb00e57a-6cb3-4d24-8469-49cc2cf2b35a/21220655466.pdf
    • https://uploads.strikinglycdn.com/files/4f5c2e73-2407-4f9b-8302-8d62c5fcd7b3/75693545673.pdf
    • https://uploads.strikinglycdn.com/files/10189d9b-a0a7-4cb5-9bcb-6ced913b68ff/velufulavozazuvowisirili.pdf
    • https://uploads.strikinglycdn.com/files/f82fead2-bca5-4047-a444-3299784c056b/zisesegewejufupunivotebod.pdf
    • https://s3.amazonaws.com/wonoti/bitibepikuvovuzile.pdf
    • https://uploads.strikinglycdn.com/files/781d07d4-0cb4-4ad0-a2e5-96a8b049f592/mevuravipazelen.pdf
    • https://uploads.strikinglycdn.com/files/314d96b5-4882-41ad-a4a9-16c9bdd97b4f/mixodom.pdf
    • https://uploads.strikinglycdn.com/files/65a00d49-ff52-4bdd-8818-056c7d7989e4/magega.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (XMP metadata namespace URI, not a clickable link; the five namespace entries below come from the same XMP packet)
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL (SIL Open Font License URL, most likely from the licence metadata of the embedded fonts listed below)
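The two structural heuristics above (PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL), plus a blocklist lookup standing in for PDF_MALICIOUS_REDIRECTOR_LINK, re-implemented as an added example that is not the analysis tool's own code. It works on raw bytes, without an xref parser, over a constructed PDF; the sample, the thresholds (200 KB, five PDF links, half of them on one host), the redirector blocklist and the active-content token list are all assumptions chosen for the demonstration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample (not the analysed file): a small PDF with six link annotations
# pointing at other PDFs, four of them on one CDN host, plus one redirector link.
# An incremental update then redefines object 4 0 with a body that adds /OpenAction
# JavaScript, and redefines object 1 0 byte-for-byte identically. The xref tables are
# omitted because both checks read the raw bytes, not a reader's object map.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R 6 0 R 7 0 R 8 0 R 9 0 R 10 0 R 11 0 R] >> endobj
4 0 obj << /Producer (constructed) >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://uploads.cdn.example.com/files/1/a.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://uploads.cdn.example.com/files/2/b.pdf) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://uploads.cdn.example.com/files/3/c.pdf) >> >> endobj
8 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://uploads.cdn.example.com/files/4/d.pdf) >> >> endobj
9 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://site-a.example.org/uploads/e.pdf) >> >> endobj
10 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://s3.example.net/bucket/f.pdf) >> >> endobj
11 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://redirector.example.net/go?keyword=a+b) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
4 0 obj << /Producer (constructed) /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj
trailer << /Root 1 0 R /Prev 9 >>
%%EOF
"""

# Hypothetical blocklist standing in for the campaign's redirector infrastructure.
KNOWN_REDIRECTOR_HOSTS = {"redirector.example.net"}

# Tokens that turn a body-only duplicate from "info" into "critical" (assumed list).
ACTIVE_CONTENT = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA",
                  b"/EmbeddedFile", b"/SubmitForm")

# /URI literal strings; handles escaped parens, ignores hex strings and streams.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# "N G obj ... endobj"; byte-level, so a stream containing "endobj" would confuse it.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)


def extract_link_uris(pdf: bytes) -> list[str]:
    """Return every /URI action target found in the raw bytes, in file order."""
    out = []
    for m in URI_RE.finditer(pdf):
        raw = m.group(1).replace(b"\\)", b")").replace(b"\\(", b"(")
        out.append(raw.decode("latin-1"))
    return out


def link_farm_score(pdf: bytes, max_size: int = 200_000,
                    min_links: int = 5, min_cluster: float = 0.5) -> dict:
    """PDF_SEO_LINK_FARM shape: small file, many external .pdf links, one dominant host."""
    external = [u for u in extract_link_uris(pdf) if urlparse(u).scheme in ("http", "https")]
    pdf_links = [u for u in external if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_count = (hosts.most_common(1) or [(None, 0)])[0]
    cluster = top_count / len(pdf_links) if pdf_links else 0.0
    fired = len(pdf) <= max_size and len(pdf_links) >= min_links and cluster >= min_cluster
    return {"size": len(pdf), "external_links": len(external), "pdf_links": len(pdf_links),
            "top_host": top_host, "cluster_ratio": cluster, "fired": fired}


def redirector_links(pdf: bytes, blocklist: set = KNOWN_REDIRECTOR_HOSTS) -> list[str]:
    """PDF_MALICIOUS_REDIRECTOR_LINK shape: any clickable URI whose host is on the blocklist."""
    return [u for u in extract_link_uris(pdf) if urlparse(u).hostname in blocklist]


def duplicate_objects(pdf: bytes) -> list[dict]:
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same (num, gen) defined twice with different bytes.

    A reader that follows the update chain normally resolves the last definition;
    one that rebuilds the object table by scanning may keep the first. Identical
    redefinitions are ignored, and severity is only raised for active content.
    """
    seen: dict[tuple[int, int], list[bytes]] = {}
    for m in OBJ_RE.finditer(pdf):
        key = (int(m.group(1)), int(m.group(2)))
        seen.setdefault(key, []).append(m.group(3).strip())
    findings = []
    for key, bodies in seen.items():
        if len(bodies) < 2 or len(set(bodies)) < 2:
            continue
        active = any(tok in body for body in bodies for tok in ACTIVE_CONTENT)
        findings.append({"obj": key, "definitions": len(bodies),
                         "first_wins": bodies[0], "last_wins": bodies[-1],
                         "severity": "critical" if active else "info"})
    return findings


if __name__ == "__main__":
    print(link_farm_score(SAMPLE_PDF))
    print(redirector_links(SAMPLE_PDF))
    for f in duplicate_objects(SAMPLE_PDF):
        print(f["obj"], f["severity"], "first:", f["first_wins"], "last:", f["last_wins"])
```

The byte-level scan is deliberate: it sees every definition in the file, including ones an xref-following reader would never load, which is exactly what the duplicate-object check needs. To learn which body a given viewer actually renders, compare the `first_wins` and `last_wins` bodies against what a library that honours the /Prev chain resolves for the same object. The URI extractor ignores hex-encoded strings and objects inside compressed object streams, so a sample that hides its annotations there needs decompression first.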

Extracted artifacts (2)

Files carved from inside the sample during analysis. Both are embedded sfnt (TrueType/OpenType) font programs, which is expected for a wkhtmltopdf-generated document; none of the four heuristics above relates to them.

Filename: font_00_sfnt_off00006c6b.bin
  SHA-256: eb4c17386f8e7c5984e09019988c93f3224d6c09ffe335c78d3e5e5d544b4fde
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x6C6B
  Size: 5228 bytes

Filename: font_01_sfnt_off00007e36.bin
  SHA-256: 3b4bed4944e90ac188a40b55d9d93234068d69d3dfa7dc868d223f820891728b
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x7E36
  Size: 10356 bytes