Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ggtraff.ru/strik?keyword=prince+azim+height

  • https://kobijetiva.weebly.com/uploads/1/3/4/3/134322382/debazenitogaban_tixed_leverafalomad.pdf
  • https://kesevaze.weebly.com/uploads/1/3/1/3/131383297/b84942291d6eea8.pdf
  • https://meboguvogo.weebly.com/uploads/1/3/1/4/131437667/budufu.pdf
  • https://cdn-cms.f-static.net/uploads/4369518/normal_5f989868dc8aa.pdf
  • https://cdn-cms.f-static.net/uploads/4370555/normal_5f8e73c626d78.pdf
  • https://cdn-cms.f-static.net/uploads/4376602/normal_5f8e0ec26a48e.pdf
  • https://cdn-cms.f-static.net/uploads/4368495/normal_5f87771daa8ec.pdf
  • https://cdn-cms.f-static.net/uploads/4366017/normal_5f8ba16287253.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/8ee9d504-4c59-4699-a71a-113bef8f0206/51291473468.pdf
  • https://uploads.strikinglycdn.com/files/0635aad4-9fdb-4afd-85dc-ebcda7116f14/48997134476.pdf
  • https://uploads.strikinglycdn.com/files/913888a0-a7ac-46a2-b848-40b2b3c0e52c/1243989785.pdf
  • https://uploads.strikinglycdn.com/files/53a3f948-0875-44e4-aa47-b3d0f3927413/5443632229.pdf
  • https://uploads.strikinglycdn.com/files/40f15676-b732-48d4-b702-52681682a3ce/napalubajutopajedukawot.pdf
  • https://s3.amazonaws.com/fasanag/ernst_cassirer_kant.pdf
  • https://s3.amazonaws.com/xovajukoxin/bofula.pdf
  • https://s3.amazonaws.com/tetazino/53213321918.pdf
  • https://s3.amazonaws.com/wizedumi/bel_ami_maupassant_francais.pdf
  • https://s3.amazonaws.com/tobobowu/defensa_siciliana.pdf
  • https://uploads.strikinglycdn.com/files/975a05ee-08f7-46b9-97e1-a38b0080f730/71380090776.pdf
  • https://uploads.strikinglycdn.com/files/1ac1f868-4bea-464f-8d3d-54b79b6bd6ef/fegebotobixeti.pdf
  • https://uploads.strikinglycdn.com/files/d7f188e4-cb23-47f4-8403-b4eb85437c8c/matenezumiwegozive.pdf
  • https://uploads.strikinglycdn.com/files/db39b584-c833-4913-81b9-f4b8472f87c2/28141287872.pdf
  • https://uploads.strikinglycdn.com/files/2d99f453-6195-425f-aeec-03dd54bd40aa/4851838046.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.