Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=chip+chan+wikipedia

  • http://dogifam.coorain.com/uploads/1/3/2/3/132302870/e7ee5884f487ff.pdf
  • http://meduxi.15landsdowne.com/uploads/1/3/0/8/130813030/1599526.pdf
  • http://files.jeidanielbiotech.com/uploads/1/3/2/3/132303118/sugap.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://d8859b59-1013-4c27-9010-31bdd5292b7a.filesusr.com/ugd/0789d5_9538bcdd663b4eb88e55a7d9f51bda3a.pdf?index=true
  • https://3d680b6b-1491-406a-8ec3-32f61cbcf66f.filesusr.com/ugd/031dda_c7034d341daa42cd9619260682bae86e.pdf?index=true
  • https://28bca1c2-d459-440c-b337-b732bc27fdd0.filesusr.com/ugd/8b9728_bc74f00f16f542dd89631f26a76c11bb.pdf?index=true
  • https://3190d259-12f0-4ba2-84ee-621381334e58.filesusr.com/ugd/4bdc6d_3587406227c64786858001d9274044da.pdf?index=true
  • https://3f80dedb-d693-42db-b3b1-9ea0dc7fe0ba.filesusr.com/ugd/6f53d7_08970eaef48142fc9cdf0878e0ece817.pdf?index=true
  • https://194392b2-80d9-41a8-b6ec-ffa3a216f750.filesusr.com/ugd/704988_8db1b45c40ce44809a85bb50e833ce2a.pdf?index=true
  • https://a3f297b2-c997-4f20-8d6c-c6a3b8b1c22d.filesusr.com/ugd/a838c0_99eb1857b26d42d1b7c9425a042ab4e4.pdf?index=true
  • https://5faf3cf3-c067-444b-95a0-b87d1df67b61.filesusr.com/ugd/eb6612_d9cf6c9a9ea7409f920d71f5b211b4f7.pdf?index=true
  • https://befca69c-ec79-45b4-8b52-29bb0d70097a.filesusr.com/ugd/10e3af_26161106696544219cb6f48bbe5281ec.pdf?index=true
  • https://fe0444a0-fd57-44ea-9679-e2a8c637a595.filesusr.com/ugd/daca0d_570be11835ab47f785089ba73022b5a1.pdf?index=true
  • https://d5ecb256-96f6-45e0-813f-453c4781f614.filesusr.com/ugd/cc14e4_51ec740e9fc540f9b6d6da580ea51825.pdf?index=true
  • https://29e406c1-8421-42ec-a842-cdfd4c536808.filesusr.com/ugd/ced2dc_7b1e624df63f420da43879ca6781d8b9.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.