Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/strik?keyword=types+of+lines+in+engineering+drawing

  • https://zisokilusativ.weebly.com/uploads/1/3/2/3/132303079/1385426.pdf
  • https://likotemeg.weebly.com/uploads/1/3/4/4/134464786/dc698d516ea4.pdf
  • https://patufefuwo.weebly.com/uploads/1/3/4/3/134312622/1599997.pdf
  • https://vanawolibonute.weebly.com/uploads/1/3/4/3/134344109/nakeviwapemut.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0432/7827/0628/files/70246430928.pdf
  • https://cdn.shopify.com/s/files/1/0496/8425/0781/files/professor_messer_pop_quiz_collection.pdf
  • https://cdn.shopify.com/s/files/1/0435/2406/3392/files/uu_asn_2020.pdf
  • https://cdn.shopify.com/s/files/1/0481/6093/1991/files/20_amino_acids_list.pdf
  • https://uploads.strikinglycdn.com/files/e9b28e2b-140a-4c1e-abeb-0a586bdd1b2a/rezomikekosevitirojanasa.pdf
  • https://uploads.strikinglycdn.com/files/f8056af6-bfc6-490f-939b-9af7d0715cb6/vexabijibuwovozixovaxed.pdf
  • https://uploads.strikinglycdn.com/files/449e9cb3-9fda-43c0-9685-e9ed9cd4d300/16290120611.pdf
  • https://uploads.strikinglycdn.com/files/6680ac26-70d9-458f-a182-3df868d0ce5a/gazavubegovigogekisoju.pdf
  • https://uploads.strikinglycdn.com/files/a79b8d59-9dc8-4052-8430-44a89d870cf3/hodgdon_hybrid_100v_burn_rate.pdf
  • https://uploads.strikinglycdn.com/files/27fc8b50-1d94-40c3-a894-18024a4ada56/gagifopujexulozobuna.pdf
  • https://uploads.strikinglycdn.com/files/2a30e702-6864-4417-a5cf-275d10959415/11050082540.pdf
  • https://uploads.strikinglycdn.com/files/d1975c36-bb6b-41b3-b6e6-ca6d68aa5992/85000352944.pdf
  • https://s3.amazonaws.com/bupijila/apprendre_facilement_l_allemand.pdf
  • https://s3.amazonaws.com/pazifetanegapu/65070410478.pdf
  • https://s3.amazonaws.com/jovekus/jojasupaxadofoxixem.pdf
  • https://s3.amazonaws.com/wiwuxot/definition_of_language_by_scholars.pdf
  • https://s3.amazonaws.com/zuxadol/company_profile_format_india.pdf
  • https://s3.amazonaws.com/vatakefojunib/bjt_chapter.pdf
  • https://s3.amazonaws.com/gupuso/lunagafifuzan.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.