Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=high+flo+gold+series+pump+3.8+gpm+troubleshooting

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://b65b7d79-3ea0-427d-aeb6-1a2eaf8b0847.filesusr.com/ugd/7a359d_16d2f6a4521c44ed996b3432d6ba8158.pdf?index=true
  • https://9865cdc4-a598-49db-8dcc-fd6a3eaea050.filesusr.com/ugd/c068f8_5ca339b3571644958a251b9f03d90ed0.pdf?index=true
  • https://1e35a7dd-5d43-495c-bd16-c32174eefc1d.filesusr.com/ugd/5f5755_b0897f8f545446ed8dba36a8dc6e1e03.pdf?index=true
  • https://7756120d-eae2-4a23-9cf6-9f8b40171278.filesusr.com/ugd/6f53d7_460fe1b9f9054048a7e93274011764eb.pdf?index=true
  • https://04ecc0b4-0b45-42a6-a5ec-e3cac3403779.filesusr.com/ugd/41f880_4929404bd8cf48588851c06f2d9ff10b.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0433/4052/9816/files/60307333266.pdf
  • https://cdn.shopify.com/s/files/1/0428/2168/1315/files/teacher_grading_sheet.pdf
  • https://cdn.shopify.com/s/files/1/0434/5046/6454/files/cheesecake_factory_gluten_free_menu.pdf
  • https://cdn.shopify.com/s/files/1/0432/6057/5912/files/14775831961.pdf
  • https://4ad4b049-a5ab-428c-9b22-944b9a4f4b1e.filesusr.com/ugd/a58b01_b74711578ef64b079092e74a85d89227.pdf?index=true
  • https://ddd070bc-7bb3-4ac8-8332-bac96aa1d2ec.filesusr.com/ugd/9734e7_40e9c61e13ed42e0a37466c5972ff0bb.pdf?index=true
  • https://9efe012d-9bc9-4856-b1bd-710038820562.filesusr.com/ugd/d6b5da_18ce0aa139454d1a9be5395cbf3b6bfb.pdf?index=true
  • https://c97ea1f0-49ff-4fd7-9913-faaa41f2c2e1.filesusr.com/ugd/17159d_acda2307d232435b93e4b30174fef639.pdf?index=true
  • https://b772cc55-49c9-44ff-9c72-05352757ea3e.filesusr.com/ugd/8bc2a6_f108a12832e34a858e9650e9e5a60adc.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0483/9597/6856/files/stage_of_conflict.pdf
  • https://cdn.shopify.com/s/files/1/0432/4294/6724/files/definitions_of_accounting_terms.pdf
  • https://cdn.shopify.com/s/files/1/0432/3550/8387/files/3140237942.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.