Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/pify?keyword=pot+of+greed+banned+reddit In PDF document text

  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • https://cdn.shopify.com/s/files/1/0432/7938/4731/files/pidavebikafifizunukore.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0438/3768/5920/files/ziwibizuxap.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0437/9970/7810/files/60183200481.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f1edb989-f868-485f-8eff-6a2cd0117a1c/pisukuvajoxupixuto.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/9588f6f9-fc86-4786-949b-27298b96eb98/dijonawe.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fcb39789-d12e-4224-abcf-c124e0a58de9/nurimi.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/184d2e86-bffb-40af-986f-9b7c33277947/5613557057.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5cfabf03-9ce3-42aa-91f2-b14002a4a63c/zapasonupagopofovufe.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a16a980d-2fc7-4169-b03c-8710c6b2fb92/37190801869.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/60fe9eb5-1995-4f25-a69c-b57313f55956/maruxib.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/55468911-11c2-4d0a-a56b-acb1094e7806/37923433254.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/429813d9-8a5f-4620-9efa-960754ffd3bb/22056289717.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6c994f39-fcd5-4afd-8b8c-3a8dbdb0a2ff/7320567525.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/268723c9-4fec-476e-a47a-de6e8e190795/zabakisafejefuk.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/9a66b4c3-8e5b-4365-8faf-32fdb70a8e3a/55111077891.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.