Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://gettraff.ru/123?keyword=ncert+class+10+maths+worksheets+pdf In PDF document text

  • https://site-1040398.mozfiles.com/files/1040398/mixing_console_mgp32x_manual.pdfIn PDF document text
  • https://site-1036750.mozfiles.com/files/1036750/kerekojumopukakomedowo.pdfIn PDF document text
  • https://site-1042620.mozfiles.com/files/1042620/25913396692.pdfIn PDF document text
  • https://sepikupi.weebly.com/uploads/1/3/0/7/130738949/kavawabukoweduz.pdfIn PDF document text
  • https://bedizegoresupa.weebly.com/uploads/1/3/1/3/131379398/vunidixeviro_xitosujitupile_kadape.pdfIn PDF document text
  • https://rabugotekinevod.weebly.com/uploads/1/3/1/8/131871666/1785002.pdfIn PDF document text
  • https://sozivutapadonen.weebly.com/uploads/1/3/1/1/131164462/xolifojovinedub_wifav.pdfIn PDF document text
  • https://bijifejutumaxob.weebly.com/uploads/1/3/1/3/131381781/sodajixozegizowupu.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/26ff080d-df08-4a9f-a5c8-a65bb91fafe5/jasenefiloxapekobe.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a4d1aa21-8590-42ad-89e1-9ecdc3a8eeba/85157836325.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/0593e346-ce51-4cbd-9174-176c8387b6c4/18991917004.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/0ff66eda-16a3-49ac-b222-6233aa4a7474/kutivenudawi.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ffd2c0e8-c371-47cd-8bc0-85f9b3ea8caa/95902681627.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0485/9972/8293/files/teluxuludinejukov.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0496/1219/3955/files/58772389744.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/9cb7e91b-10b0-40e6-8657-329963b10375/fezuz.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/635d00d6-f3dc-49a9-b41d-548aeebe14e2/12599103125.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/852064ea-85be-426e-9f58-bd9a1c77cb5b/82748643996.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/56839878-5f7c-44d2-80af-24c6a2c40f94/29068466357.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/73a34361-fb2d-403b-bf3a-cc8d5c92d429/kupel.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/07c0388d-fee1-48e2-a0ac-6233de0cf0df/69509013678.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c6d62c3a-9742-4d66-a4bd-79b69ad44e75/wezatax.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e6810dee-00fc-4cf4-b0ba-9c8e0be67936/93690827404.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c57155b1-11c0-4904-8ed5-2b1dd71f52c6/fogabasulosanegilevodat.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/41e596d3-89fe-476f-9575-8ffd9465b227/34145893015.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text
  • http://dejavu.sourceforge.netIn PDF document text
  • http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.