Malicious PDF — malware analysis report

Heuristics 3

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
  PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 16 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ggtraff.ru/strik?keyword=baidu+root+english+apk

  • https://bubixoduxufito.weebly.com/uploads/1/3/1/0/131070588/dopogegulagurose.pdf
  • https://kobetuditi.weebly.com/uploads/1/3/4/4/134446504/4989440.pdf
  • https://gikigafe.weebly.com/uploads/1/3/4/4/134440869/8977032.pdf
  • https://wevinavuligi.weebly.com/uploads/1/3/4/5/134505150/gujizujoxizodo-tewofomik.pdf
  • https://dimaxafazeza.weebly.com/uploads/1/3/1/4/131453031/08cd6.pdf
  • https://s3.amazonaws.com/jutenojamega/eths_bell_schedule_2020.pdf
  • https://uploads.strikinglycdn.com/files/68aa2bb4-56ec-43cd-8bb2-c09000b14c94/39699469085.pdf
  • https://s3.amazonaws.com/mamukawaxatali/skylanders_trap_team_traps_8_pack.pdf
  • https://s3.amazonaws.com/sugaguxagu/41442215579.pdf
  • https://s3.amazonaws.com/felasorarabipis/94623775825.pdf
  • https://s3.amazonaws.com/mudurixo/36782284299.pdf
  • https://uploads.strikinglycdn.com/files/db038036-1fbb-4dc9-961d-39b9c0eae849/nonivogurukewivibom.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.