Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=free+tetris+unblocked+games

  • http://files.paperandpoppies.com/uploads/1/3/0/8/130815277/de9b75b5b2e9e14.pdf
  • http://sigime.cindyveach.com/uploads/1/3/1/3/131398091/rejejijenubuvav.pdf
  • http://files.wcecoaching.com/uploads/1/3/1/3/131380616/335391df4.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://c8f4eff3-f5d2-4c7f-80f5-3507bd0032ce.filesusr.com/ugd/784815_d3a16e5faf5548ae94a14443ce645299.pdf?index=true
  • https://dfbc983e-010b-485e-b1d7-e06a3d0cd460.filesusr.com/ugd/e73fea_a54cceeeffc64c0fbaa173210f7a1a51.pdf?index=true
  • https://f2d206b7-65c9-4b3e-ab87-ebd1c706a87d.filesusr.com/ugd/accd1f_0a83515853d1446194fc404dcf8583f9.pdf?index=true
  • https://34e288da-463d-4332-b6b4-8a8a7b401517.filesusr.com/ugd/278743_3bd675169784426e9021fedf82a04c16.pdf?index=true
  • https://d97a4d51-de04-48d6-880c-f2747644a04d.filesusr.com/ugd/5e81b9_b5d5c7afdcf84f0c88e7f0a104338d40.pdf?index=true
  • https://a7898eb8-c20a-48f4-a39e-674d3bc61a8f.filesusr.com/ugd/f1780b_7f4175d94e9f4ece801583174a0039f5.pdf?index=true
  • https://316cbc22-c7f2-47b5-863b-ffd3b43954af.filesusr.com/ugd/64bd79_1bace3be8cf34ad8a5324cfec2e2ff25.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0430/6701/5329/files/livuvadigiv.pdf
  • https://cdn.shopify.com/s/files/1/0428/9373/8143/files/34295823542.pdf
  • https://cdn.shopify.com/s/files/1/0427/4615/1078/files/sqlite_android_studio_github.pdf
  • https://cdn.shopify.com/s/files/1/0431/9117/3277/files/albuquerque_hourly_weather_report.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.