Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=forgotten+disney+princess+list

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://f75e233b-4d2c-4ef3-b51c-d41a3bc33b2c.filesusr.com/ugd/f35da0_cd7a4734f9ce49f0a741d5745fb2d93c.pdf?index=true
  • https://1570acfc-617c-4388-a547-1892b55f36f4.filesusr.com/ugd/7cefa9_0d0f1f9901d84fffa5097fc14ff91c6c.pdf?index=true
  • https://873f1ac7-136a-4774-84a3-bfb1fbe4cc9e.filesusr.com/ugd/9cfd0a_f4777f53033845579adb3bdf1c0233a9.pdf?index=true
  • https://a1173c95-a2ad-495e-9859-5c097103bead.filesusr.com/ugd/bf0735_4a63ea986ddc4a2e88e5e699d24dd3d0.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0436/3960/3360/files/pudofumig.pdf
  • https://cdn.shopify.com/s/files/1/0432/7076/6750/files/hyperloop_transportation_technologies_seminar_report.pdf
  • https://cdn.shopify.com/s/files/1/0464/8068/7272/files/retro_brick_game_simulator_apk.pdf
  • https://cdn.shopify.com/s/files/1/0437/5920/6549/files/kefilarime.pdf
  • https://68127265-456b-4a50-8550-fd35a0468d38.filesusr.com/ugd/90423f_9f90a438f6794fa3b645f21d09340841.pdf?index=true
  • https://8c286bbb-dced-4ee8-b45e-b3c2dccc80d2.filesusr.com/ugd/41a0b6_a108ba6b1a464ad986ff20a48a0fe456.pdf?index=true
  • https://b2b06046-4db9-4ca2-8231-55df95593ea1.filesusr.com/ugd/0ad6c7_ffc7cb35dd024fb4ac0d1a7e557292cd.pdf?index=true
  • https://23d0ae00-770e-4433-ae24-6e3cd15343fb.filesusr.com/ugd/4bdc6d_edbe27b7f8954f558c28e20131c9911b.pdf?index=true
  • https://057b2a7c-feea-46fe-b4d6-c99943e5d6e8.filesusr.com/ugd/cfbfd2_d2f9afb574e74ee8ae8a07e92c33b2b4.pdf?index=true
  • https://4bcab4ea-a508-441c-93d2-f4d4592ecb54.filesusr.com/ugd/771ea4_4218147b71fe46018b4fb0564e06cb6d.pdf?index=true
  • https://6fdd5629-2ad0-44b3-8aae-e065683b5ba9.filesusr.com/ugd/74e9cf_dd1a2041fce7493abfd60a79294cefde.pdf?index=true
  • https://ed991b22-1601-4314-a125-f18ff9160019.filesusr.com/ugd/d7d6cd_b1e54e99e3e74ea8813bf1573894eadc.pdf?index=true
  • https://05772c36-390c-4af0-ae59-2e3bb25a2977.filesusr.com/ugd/38eac1_89edda8542af46ac8230181608679b72.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.