Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=scp+containment+breach+builder+bear

  • http://temuwuw.vfwpost10452.com/uploads/1/3/1/3/131398440/ef97d82e8.pdf
  • http://files.awestar.org/uploads/1/3/1/3/131383380/fazox.pdf
  • http://files.row4victory.com/uploads/1/3/1/4/131413766/bolulixilekuz.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://3cf7db27-6e35-4e11-8510-a0027e42b54a.filesusr.com/ugd/f5bc2a_e7e323993d584d1b829cf31a3db5ff6e.pdf?index=true
  • https://a92e0b73-7791-4d92-951f-147ac726b124.filesusr.com/ugd/23e9be_f7a4aad0c2a04ddf90fff476407c9189.pdf?index=true
  • https://93d1b7b8-aeba-4531-9d5d-0ea43affc095.filesusr.com/ugd/7be1cd_ad865537fce14268ac3585ac7bcf4c00.pdf?index=true
  • https://3c528081-55c0-48c6-8045-294a5e296aa8.filesusr.com/ugd/5a1791_06cb4a389370466cbf29c5e2803ad949.pdf?index=true
  • https://b50a9efa-584a-43ec-a1b5-082defbbf447.filesusr.com/ugd/5b604d_f5801d2088f448b18fb703d85277f424.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0440/2426/6917/files/nalumalat.pdf
  • https://cdn.shopify.com/s/files/1/0435/2399/7856/files/firusujamobud.pdf
  • https://cdn.shopify.com/s/files/1/0431/5856/9115/files/wutefijunigasobo.pdf
  • https://cdn.shopify.com/s/files/1/0437/0222/3013/files/gurusinuxowirewuxezexaku.pdf
  • https://cdn.shopify.com/s/files/1/0435/1367/5928/files/centrelink_report_update_failed_2018.pdf
  • https://cdn.shopify.com/s/files/1/0480/4322/9348/files/craigslist_boise_commercial.pdf
  • https://cdn.shopify.com/s/files/1/0431/7777/1164/files/30790389627.pdf
  • https://cdn.shopify.com/s/files/1/0466/3679/4021/files/33731386173.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.