Malicious PDF — malware analysis report

Static analysis result for SHA-256 0be8505d9439c900…

MALICIOUS

PDF

Size: 40.3 KB
Created: 2020-09-21 10:45:16 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 65977e56e151ca09727dbe9781249817
SHA-1: 0c1ffaadf419c2714995b044ba4ade6b6a7d2ca8
SHA-256: 0be8505d9439c900e4c984e70c2130b691cfe28c052cdfaf189c5c55628873dc
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains numerous embedded links, with one identified as a known malicious redirector. The document body, though partially corrupted, suggests a lure related to educational content, likely to trick users into clicking the malicious links. The presence of a large number of external PDF links further supports a link farm or SEO poisoning tactic.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://ttraff.me/wix?keyword=chemistry+worksheet+wavelength+frequency+and+energy+of+electromagnetic+waves+answers
    • http://files.sandpointstakecommunications.com/uploads/1/3/0/7/130776655/489252.pdf
    • http://files.commonharvestcsa.com/uploads/1/3/2/3/132303209/cbeead.pdf
    • http://files.brianwhitson.me/uploads/1/3/1/6/131606046/85f33fe.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://aa9d992c-faaf-4514-a1d8-e53b1af88bc2.filesusr.com/ugd/1a1092_3ec5da883360490bbb3d67da527b76ec.pdf?index=true
    • https://de00ddf8-18cf-4e77-aa3e-0584e3bba0fd.filesusr.com/ugd/69695d_b7d9732612ac4db6a0636858463a1b81.pdf?index=true
    • https://ebf9b1a7-1a74-477a-939b-51c7068a047e.filesusr.com/ugd/b41a9a_b4e04d68e3124df4b1bc92ac80f365ca.pdf?index=true
    • https://08012d1c-ed3f-4de5-a046-be40c0c31758.filesusr.com/ugd/bc4951_dd29c97158f448bdbd23e56e7760a9a1.pdf?index=true
    • https://80936273-9bd9-402c-8f1b-ee929b2f845e.filesusr.com/ugd/f51585_98c0b5160b2947b689edbafb3e094d32.pdf?index=true
    • https://830406c8-7078-4548-a8a7-f9f7c2536c57.filesusr.com/ugd/3a38e0_25e8c1b4c56044ac8218ddb08e4a6f6c.pdf?index=true
    • https://ff889963-0651-4380-a694-301087fd680b.filesusr.com/ugd/0182ef_0d4ad7493af64d74ac4faab5e0e5c1de.pdf?index=true
    • https://8625763e-31be-42c8-9164-195d4bfaa550.filesusr.com/ugd/704566_c4b9cab90b6f4fa09ed1a1349ab01765.pdf?index=true
    • https://aa71a45c-4f4f-4f7c-9b1b-78412b0148e8.filesusr.com/ugd/9f06f8_4e23f8c2e6dd4ed68a4e1aa0ff57ce1f.pdf?index=true
    • https://ac4ea6aa-15eb-462d-acbf-cb1f763b918e.filesusr.com/ugd/564d2e_c359e6086414401f853473947cf68dd9.pdf?index=true
    • https://77a4120c-4fc8-4daf-89c5-761f3ef7979c.filesusr.com/ugd/7ff653_dbc61ee895fc429797ee718db081adba.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00005e22.bin
SHA-256: 749fbbd3846a100fb3611c3cc5465e3117e0d4ca2b1452866e42e215f4d95114
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x5E22
Size: 5784 bytes

Filename: font_01_sfnt_off000071b7.bin
SHA-256: ebb015ceb2957183d626125890476e0afe75ba3a83f0fd8091e3853183c5f419
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x71B7
Size: 9904 bytes