Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=comcast+port+st+lucie+channel+guide

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://ae646c5f-2f69-44ae-ac58-332ab1faf269.filesusr.com/ugd/225520_823714913d694a5abcf7fe95da38e285.pdf?index=true
  • https://7652adea-77fd-4b40-a746-cfab5f505e82.filesusr.com/ugd/800b88_08d6324f08384ab28ac790759d92e1cf.pdf?index=true
  • https://02ff4603-b22d-497d-b38f-a3453c68b3c5.filesusr.com/ugd/e745be_0d675a968a7b49d98e1d89564b518c44.pdf?index=true
  • https://6c389a9b-deb0-4aa7-981e-b735fa02e175.filesusr.com/ugd/c345b0_ec633278a0c644bb9fa00f9abd1b2e8e.pdf?index=true
  • https://d61bc751-f58b-42b0-8253-5881c81e87ce.filesusr.com/ugd/696b8a_03229ed5adab4614874fb533e746cda0.pdf?index=true
  • https://eeab2416-de85-4168-ae2d-82d45cb94102.filesusr.com/ugd/83b1b3_51f7eb10c2794405a351d77c147e2d7c.pdf?index=true
  • https://b0e3d606-121f-47cf-a7dd-4539562f3cc9.filesusr.com/ugd/ff2e72_0aed1d8bd56740fcb69ad4721e9fda15.pdf?index=true
  • https://720f1fab-1a40-4526-a643-fdcd24cbf59f.filesusr.com/ugd/bbdb65_ad76f54fb1c84ce586bfde2f4db35291.pdf?index=true
  • https://a2b3e13f-a17f-4e11-bcf4-2e8e33afaadc.filesusr.com/ugd/d8966e_8c4e4fedf42c4306950a964ad6f1a7aa.pdf?index=true
  • https://cc9be682-c8c3-452f-9f57-88eccfb41145.filesusr.com/ugd/2f7489_a663ab7661494c0884eae111dfd4daa7.pdf?index=true
  • https://076e0bc1-0141-49ed-a93f-c39238584591.filesusr.com/ugd/f5bc2a_5f6b0829e1f74263ba8fea5658071e5d.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0431/2698/0765/files/mysql_datetime_vs_unix_timestamp_performance.pdf
  • https://cdn.shopify.com/s/files/1/0432/8495/5300/files/84660959892.pdf
  • https://cdn.shopify.com/s/files/1/0431/6279/6186/files/gudajezodozamevopinowuxon.pdf
  • https://cdn.shopify.com/s/files/1/0430/1121/1425/files/95227013651.pdf
  • https://cdn.shopify.com/s/files/1/0439/1269/1867/files/87430292518.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.