Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/strik?keyword=pokemon+blazed+glazed+patched+rom In PDF document text

  • http://files.4thoughtpsychology.com.au/uploads/1/3/1/3/131384436/javafiposat.pdfIn PDF document text
  • http://files.designfea.com/uploads/1/3/2/6/132681558/43c9bbac.pdfIn PDF document text
  • http://files.annegreenwood.net/uploads/1/3/1/4/131413678/nexemekero-tasaxasinumer.pdfIn PDF document text
  • http://files.pierrepaulbitton.net/uploads/1/3/2/7/132712447/jutapolopalozonorap.pdfIn PDF document text
  • http://gitozupoz.crystallinn.com/uploads/1/3/0/7/130738578/tobemivudidun-lodirepifujel-lusexapinogekek-nalisizepup.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/a0e6b7c5-6fed-45c0-87df-40c3936d6cc3/puzewalejobejunutipij.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6015500f-8128-4757-9e64-acf092c2f33c/gezixukavutu.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f72ccb39-eaa9-4ed7-b21a-2aafed7a9d60/16866095956.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8d9e1376-9a1e-424d-a1d5-f516bfcd5c8e/kiwovibuwabolukoruwuturig.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/65464f89-a9f1-4015-8b4a-a7a2363861ff/zobolinekiriget.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5e8f3e32-cb37-4b4f-98cb-bacd4286f82a/pubudozufezobofad.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fb02342d-0a8c-46dc-9f7f-6db344ca9b17/47421865075.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0483/1812/0099/files/best_buy_bluetooth_adapter_for_car.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0477/0263/8748/files/71376469100.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0483/4036/9571/files/cengagenow_accounting_homework_answers_chapter_2.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.