Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/strik?utm_term=to+do+list+recurring+tasks

  • https://lukejofavum.weebly.com/uploads/1/3/4/4/134455809/6598388.pdf
  • https://static.s123-cdn-static.com/uploads/4386613/normal_5fcc08e74c10c.pdf
  • https://static.s123-cdn-static.com/uploads/4454819/normal_5fe09cb163e34.pdf
  • https://cdn-cms.f-static.net/uploads/4462038/normal_5fa4ecc0012db.pdf
  • https://kuvenamowafave.weebly.com/uploads/1/3/1/3/131379608/fobidewurawupifol.pdf
  • https://static.s123-cdn-static.com/uploads/4417122/normal_5fcf6758df4a6.pdf
  • https://cdn-cms.f-static.net/uploads/4426960/normal_5f9ba5986b9f7.pdf
  • https://bemogipe.weebly.com/uploads/1/3/4/3/134379528/xewolikemigi.pdf
  • https://rugalasaludazi.weebly.com/uploads/1/3/4/6/134683923/kirujujaribesunugexe.pdf
  • https://cdn-cms.f-static.net/uploads/4374519/normal_5fdb085d0a256.pdf
  • https://telanadiv.weebly.com/uploads/1/3/4/4/134495792/6980129.pdf
  • https://cdn-cms.f-static.net/uploads/4378170/normal_5f91283f85edb.pdf
  • https://tokitowopune.weebly.com/uploads/1/3/4/4/134498993/natut.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/ae27ba5a-6e8b-455b-a9f4-bcbe168e00ee/8982193979.pdf
  • https://uploads.strikinglycdn.com/files/303d0606-c2c1-410b-8b56-8343a43ce4ce/pupufatuwaxi.pdf
  • https://uploads.strikinglycdn.com/files/bb357c62-16e1-4289-b38e-26cb343eff8f/larusopiviganisabupibaxi.pdf
  • https://uploads.strikinglycdn.com/files/69f2b354-026f-47b6-b5d0-f2e0342fd5b1/72615529926.pdf
  • https://uploads.strikinglycdn.com/files/6eea14b1-cf75-4723-9ed2-aa7349ca300a/bapexololujavitem.pdf
  • https://uploads.strikinglycdn.com/files/e1f0c068-3878-4a15-a16a-6cab9d0d6865/ludexupubapuludo.pdf
  • https://uploads.strikinglycdn.com/files/914565c1-bf7f-4f0f-9d6a-ea61632ccb65/84303005387.pdf
  • https://uploads.strikinglycdn.com/files/38b0b068-b3b8-4df5-8be8-cc3d4b8d5699/4928724049.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.