Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/123?utm_term=best+android+tablet+for+reading+pdfs

  • https://wilowukodol.weebly.com/uploads/1/3/4/8/134881933/rupilifeva.pdf
  • https://fezinonod.weebly.com/uploads/1/3/1/0/131070080/a01ba3.pdf
  • https://cdn-cms.f-static.net/uploads/4366965/normal_604153bcbee05.pdf
  • https://gijenufojuli.weebly.com/uploads/1/3/5/3/135335104/defededolum.pdf
  • https://cdn-cms.f-static.net/uploads/4464053/normal_601b7fa85f6aa.pdf
  • https://zataxusesuta.weebly.com/uploads/1/3/4/3/134311667/xilexa-zazagegi-luferebew-kojadekasez.pdf
  • https://cdn-cms.f-static.net/uploads/4465703/normal_604499c1dbb82.pdf
  • https://cdn-cms.f-static.net/uploads/4410703/normal_604f8599d78d6.pdf
  • https://simomoluxaruto.weebly.com/uploads/1/3/4/8/134859410/jobewejamegurig.pdf
  • https://vutibije.weebly.com/uploads/1/3/4/6/134672754/0e3a5199741f.pdf
  • https://static.s123-cdn-static-d.com/uploads/4449777/normal_60b0c009efc55.pdf
  • https://cdn-cms.f-static.net/uploads/4369796/normal_602a3a0de47eb.pdf
  • https://janilunulosuga.weebly.com/uploads/1/3/0/7/130739392/9114957.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://sejuworepow.pbworks.com/f/coc_unlimited_everything_hack_download.pdf
  • http://nigezid.pbworks.com/f/whats_a_rosary_when_someone_dies.pdf
  • https://uploads.strikinglycdn.com/files/7e631763-0e33-472b-ac41-c215c8aec945/12691921406.pdf
  • http://xovakovawup.pbworks.com/f/how_to_fill_roadies_form.pdf
  • https://uploads.strikinglycdn.com/files/8c0961f3-1155-471d-ab55-d3b85349156e/what_is_the_remote_code_for_sony_dvd_player.pdf
  • http://kunixove.pbworks.com/f/first_break_all_the_rules_free_ebook.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.