Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://gettraff.ru/123?keyword=whatsapp%252B4+apk+download+2020 In PDF document text

  • https://tejigenunonim.weebly.com/uploads/1/3/0/8/130813632/vodumalupelakeg-balefavanixomaf-laxumoxetitab.pdfIn PDF document text
  • https://xubuvene.weebly.com/uploads/1/3/1/3/131380433/wasategimi.pdfIn PDF document text
  • https://jawasolasazilem.weebly.com/uploads/1/3/1/3/131379174/xopevu_vilugarokobijos_fimorekon.pdfIn PDF document text
  • https://fijojonibiw.weebly.com/uploads/1/3/2/6/132681787/xelikanotuzifaja.pdfIn PDF document text
  • https://site-1037203.mozfiles.com/files/1037203/mogavujulamoladufewi.pdfIn PDF document text
  • https://site-1039456.mozfiles.com/files/1039456/64960382884.pdfIn PDF document text
  • https://site-1042734.mozfiles.com/files/1042734/39301152068.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/76bb8048-c0eb-454e-a759-74f154bd6cce/ratatokij.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1953de11-9fcb-46dc-b074-2147ff60397a/33479081031.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e2701a3f-e09c-4181-903d-6c338f5f7f34/tubikuseledubegewa.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e7de9b7a-27f5-4125-8c85-83593734f03d/29118153757.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0436/2820/0096/files/honda_rancher_350_manual_shift_stuck_in_gear.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0428/5497/3606/files/microsoft_excel_2020_books.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0434/3224/7457/files/62021373596.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0484/1291/7912/files/walking_dead_road_to_survival_armory_stun.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0438/8087/4139/files/15887649365.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3fa2a20b-1858-4f7e-9d27-5136ccd2581e/33934296591.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/dc3fb288-bb18-4310-b386-5c298871f275/xafozupe.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b959f111-133b-4f84-9c2c-1af247b08fd1/23668234885.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d01e0db9-4b00-4fd4-9bde-683b7750794f/45276726962.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ae1fd9ef-81a4-4c9e-877c-b4ee8659a95a/xitaruwekijeg.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fdff4304-9916-495b-822d-64e077ea511b/zutipulikexox.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/45b7942b-4f0c-4261-bfcf-ff29ff1bde18/rebig.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.