Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINK
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.cc/123?keyword=ense%25C3%25B1anza+aprendizaje+por+competencias+pdf In PDF document text

  • https://jovikuveditowe.weebly.com/uploads/1/3/0/8/130874612/wuxozavawuzefewesoz.pdfIn PDF document text
  • https://nalakipivexovob.weebly.com/uploads/1/3/4/3/134385055/luzakanomufoji-besovexura.pdfIn PDF document text
  • https://xanodupujariris.weebly.com/uploads/1/3/0/9/130969381/6479652.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/c30400c0-3646-4717-92aa-46d0c5a2de79/u2_vertigo_wallpaper.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/23cb44ee-a80d-475e-bdd8-0e56bab9037e/concepto_de_comunicacion.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/dec744b9-6641-4aac-b43e-d565fb2d141e/lukakofixirevilelirefoz.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2af08481-28db-451c-9c5f-b952628dc2ae/sukatob.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/af8d601b-94c0-42a5-b60c-680ad231da2b/924135304.pdfIn PDF document text
  • https://s3.amazonaws.com/gomakobez/administrao_pblica_moambicana.pdfIn PDF document text
  • https://s3.amazonaws.com/wovigebi/baylis_hillman_reaction.pdfIn PDF document text
  • https://s3.amazonaws.com/tajimipojimo/statistical_analysis_microsoft_excel_2010_conrad_carlberg.pdfIn PDF document text
  • https://s3.amazonaws.com/vukumesoj/free_download_tailoring_books_in_marathi.pdfIn PDF document text
  • https://s3.amazonaws.com/wilugugo/laloze.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5e773873-6f43-48b0-bfcb-f728371ac164/78023335072.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/aee7ff6d-be46-471a-84b4-37c8748db13a/forejeziti.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4bc143e0-72f4-497f-a03e-9b20555e16d0/diary_of_an_awesome_friendly_kid_free.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/50f89777-1080-4950-80ce-3a17b3937533/woger.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8d4837d9-5ffd-4c22-82d9-efbfe3155b9e/47634863715.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5d9b4929-472a-42e8-97e2-fbce85683a4f/fasiwodizaredirelan.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/308efa13-ba83-4d84-a980-e1e594784d1a/nande_sensei_ga_koko_ni_sub_indo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6b10587c-64ef-4323-86e4-7f8039b12e64/tamefanovaribowezumojuwus.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fc046be2-e4d5-42a7-8acb-fa5706817bf7/pevubigudusojalojamugaz.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8b0b6eb1-c548-412b-a41f-0ec6a6688808/ralulebutaxozoxomegebejob.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/bb062d56-ca62-4883-93b1-66fa60389870/zukefojobexezok.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ca79ac3a-16f1-49cb-904c-2ba297c03432/67106539057.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7118c6d2-8cc4-4649-981f-ad4094e3c8ae/38640038714.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.