Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=the+sims+mobile+mod+apk+unlimited+money+download

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://cdn.shopify.com/s/files/1/0435/6515/4463/files/nvidia_geforce_gtx_960m_driver.pdf
  • https://cdn.shopify.com/s/files/1/0436/2603/7411/files/30823554643.pdf
  • https://cdn.shopify.com/s/files/1/0433/7323/2291/files/bridges_math_grade_3_answer_key.pdf
  • https://cdn.shopify.com/s/files/1/0428/8803/6505/files/cardiogenic_pulmonary_oedema_in_dogs.pdf
  • https://cdn.shopify.com/s/files/1/0430/7812/3680/files/binder_cover_templates.pdf
  • https://cdn.shopify.com/s/files/1/0440/7400/8741/files/24669709473.pdf
  • https://cdn.shopify.com/s/files/1/0433/9728/3996/files/54832861394.pdf
  • https://cdn.shopify.com/s/files/1/0440/3052/5590/files/hyperbole_in_poetry_worksheets.pdf
  • https://cdn.shopify.com/s/files/1/0432/8102/3140/files/96457813628.pdf
  • https://cdn.shopify.com/s/files/1/0435/3835/0231/files/86458272014.pdf
  • https://cdn.shopify.com/s/files/1/0434/0065/9100/files/vewef.pdf
  • https://cdn.shopify.com/s/files/1/0482/6900/0865/files/bay_to_breakers_2017_dates.pdf
  • https://cdn.shopify.com/s/files/1/0435/2340/8036/files/indonesia_archipelago_of_fear.pdf
  • https://cdn.shopify.com/s/files/1/0434/8982/0836/files/87181570969.pdf
  • https://f547354a-f40b-4a5a-85cf-b4834985cc75.filesusr.com/ugd/17ce20_4cee2fa4bb3e4c4ca340e8825d479365.pdf?index=true
  • https://52c61f1b-cbc5-4a8b-96f0-40f5f7875a03.filesusr.com/ugd/a01749_c8fd52d3300944399763ea8d01e6a95d.pdf?index=true
  • https://8f3c1d86-6145-4829-a19c-5760adeeaab9.filesusr.com/ugd/739437_82bc9dc34b764cd2b43e1f425607516d.pdf?index=true
  • https://90ec8512-fe9c-4d62-b138-a9f8769fbf5d.filesusr.com/ugd/49488e_6c6bba41bd88487595f627a5de210221.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.