Malicious PDF — malware analysis report

Heuristics 4

• Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINK
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://trafficel.ru/aws?keyword=words+with+the+root+germ PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4373301/normal_5f9b042eaf8e7.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4367635/normal_5f874e1f1c2af.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • https://uploads.strikinglycdn.com/files/3c60a07f-faf1-4644-9361-ab5ed19585e9/lafotoxanipoxol.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6a8f52d3-9f33-4717-abda-d7ba8d574345/dakisawirutesigepewuga.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b17e7481-4302-46a2-8da8-fb3778e4441c/59680338296.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3055b30c-2a86-4004-87b5-59b4a8b5b8cf/black_and_decker_bread_maker_recipes.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c4a5ba59-3dfe-43d7-9c88-7b4c18229043/low_profile_video_card_for_dell_optiplex_9020.pdfIn PDF document text
  • https://s3.amazonaws.com/tetazino/beer_brewery_process.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/9aa89c90-e4d8-4ec9-ae64-4c36cc068d96/dosumadejaxos.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/deb6d20e-5e9f-4f4d-9619-57a196529001/tiluwepuxelunolo.pdfIn PDF document text
  • https://s3.amazonaws.com/mujevubutukoxu/nanud.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2c278f68-912a-4da8-8f9f-8862fde3c6bf/lenukiju.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/44281362-214b-4317-b067-907444843df6/xudewezuravin.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1160a8b7-88ab-415f-871e-6b80c072e631/rasisi.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/acebf401-afef-4659-bded-1105ee6d6a30/49234563248.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.