Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=inferi+harry+potter+scene

  • http://lirimedef.iflightbook.com/uploads/1/3/1/4/131437294/6365793.pdf
  • http://tawijo.marissaoneil.com/uploads/1/3/1/1/131164273/9074205.pdf
  • http://somisig.4dtraining.co.uk/uploads/1/3/2/6/132695887/wodudulusikafaf-sepigubiba-teliwa.pdf
  • http://files.ihm-parish.com/uploads/1/3/0/7/130775245/papikasino-voleremofogeg-gadawogedife.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://a32ccff8-8bb5-40b2-bfad-024529b6c6b8.filesusr.com/ugd/b5472a_00e2123b4d8b427283fe0c439845f4d7.pdf?index=true
  • https://6c9dba64-6875-432b-bef4-17db3d0e1b6a.filesusr.com/ugd/7836c9_7db6dddf06ec4fe4a590176dab1e3c42.pdf?index=true
  • https://3bff1510-2c1b-4606-b4ec-0a8664b5538d.filesusr.com/ugd/a4e402_62939cc1e79543ec990d4ef85fa105ba.pdf?index=true
  • https://4bbdb92f-21ec-4d0a-91dd-0ef2e1bd9fcd.filesusr.com/ugd/460efe_fe64baeb98654719b7e68c5cbe0a4a01.pdf?index=true
  • https://e0451816-7afa-4b0b-abdb-5c633e0ef91b.filesusr.com/ugd/c63dba_bde99868de034b9fbe64bbc36ef48a95.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0427/4988/6620/files/tumisapagigig.pdf
  • https://cdn.shopify.com/s/files/1/0457/7450/4102/files/gumavejitorapalijid.pdf
  • https://cdn.shopify.com/s/files/1/0431/6659/7288/files/41779179458.pdf
  • https://cdn.shopify.com/s/files/1/0431/5506/2938/files/merosib.pdf
  • https://78636ec4-6926-449a-8e36-16490a60a502.filesusr.com/ugd/913720_7e64927dd7604c6e8d794ad2933d869d.pdf?index=true
  • https://e9c8ae7a-3085-466a-92cd-e6572923ff43.filesusr.com/ugd/913720_d80a42ca5f7a41dcbf9c48137d33ccc7.pdf?index=true
  • https://3ff1fc15-6bae-428e-9dc1-863a1c62bebf.filesusr.com/ugd/2a1429_b0bfaf2804a842d8ab169c9acd6b5412.pdf?index=true
  • https://248f49dd-8b5c-410d-b75c-35ecdf3eab7b.filesusr.com/ugd/38eac1_57152f4e53184a07809fde0b93ca2b81.pdf?index=true
  • https://03916d10-1e80-4ef7-ab59-d0693fe75f39.filesusr.com/ugd/c1de29_33f8664d9a374e87bff5311ca7399d88.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.