Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=club+penguin+tour+guide+answers+2020

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://9e43fdbf-4da2-4aed-83c5-3c9ed6de43e4.filesusr.com/ugd/f9d4cd_dad25b3cde8c47648e1398ef48b19aed.pdf?index=true
  • https://20234e45-e2c2-47e9-bc00-c0298a07b131.filesusr.com/ugd/7603ae_9dfc577145c8487b8a8887fb9f580815.pdf?index=true
  • https://3c574ff6-6563-4aae-82de-dfe9fac0919d.filesusr.com/ugd/3bca44_5c8808a555944bccab3c690d1c77a983.pdf?index=true
  • https://b57bef12-1d37-4dbd-bb89-23dd1e3afa5e.filesusr.com/ugd/b4609a_2719b7d2a08442d799afb303a585974c.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0430/7212/7125/files/cover_letter_sample_in_pakistan.pdf
  • https://cdn.shopify.com/s/files/1/0437/6995/4453/files/xukavekonizep.pdf
  • https://cdn.shopify.com/s/files/1/0431/2521/1296/files/mufepanul.pdf
  • https://9c2178a6-f696-4632-8c4b-12465b15324a.filesusr.com/ugd/a86d68_e6559438629b4a1ebbad7309dbb905cf.pdf?index=true
  • https://50f13ab2-b15c-4a6e-b51b-b01a23a755e0.filesusr.com/ugd/5bf82b_2237651c4a73417dab3cf8307402f16c.pdf?index=true
  • https://d192abf9-b390-42cc-8d6f-4ecc88ce3afe.filesusr.com/ugd/9e41f0_8b5d6d4db11b4bb8b7aedcb72f13cedd.pdf?index=true
  • https://6e7d5b77-1366-4a74-a779-e5fc130d6d84.filesusr.com/ugd/c068f8_cefea3cef4c84b65a12c78e8b648a97c.pdf?index=true
  • https://164c83a3-b3a1-4d9c-9de8-b136b11531e2.filesusr.com/ugd/23a6c3_83ae5ee8d3c94a74aa454a6c88536c8c.pdf?index=true
  • https://873f1ac7-136a-4774-84a3-bfb1fbe4cc9e.filesusr.com/ugd/9cfd0a_f4777f53033845579adb3bdf1c0233a9.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.