Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/wix?keyword=family+guy+quest+for+stuff+hack+tool+download

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static.usrfiles.com/ugd/b8c837_2d3ec3c1ad434ad798a0a73c8f47de11.pdf
  • https://static.usrfiles.com/ugd/b8c837_8f18b93e00c5441d98dc47483d6ac28a.pdf
  • https://static.usrfiles.com/ugd/b8c837_63f9f500c42244b78287e1844a08accb.pdf
  • https://static.usrfiles.com/ugd/b8c837_6902fd47bee947a9aeb8e43c9f1216b1.pdf
  • https://static.usrfiles.com/ugd/b8c837_a7c66bdfd47e45849508a83533fc6e57.pdf
  • https://cdn.shopify.com/s/files/1/0434/4011/1782/files/entry_level_resume_template_google_docs.pdf
  • https://cdn.shopify.com/s/files/1/0434/6596/5718/files/antecedentes_historicos_de_la_administracion_de_las_operaciones.pdf
  • https://cdn.shopify.com/s/files/1/0440/2449/6286/files/setigujulorofavajalinigo.pdf
  • https://cdn.shopify.com/s/files/1/0432/6418/0390/files/xaxitusonixozogopitapez.pdf
  • https://cdn.shopify.com/s/files/1/0433/7762/3201/files/72315154001.pdf
  • https://static.usrfiles.com/ugd/b8c837_852f630569be4b92b6d446a9ead2a2ab.pdf
  • https://static.usrfiles.com/ugd/b8c837_175eddbbee2643abaa28acc967ce3714.pdf
  • https://static.usrfiles.com/ugd/b8c837_c9a476d06f4149d8891dea33996ddab3.pdf
  • https://static.usrfiles.com/ugd/b8c837_a70d14e4017c4f3e9b472845f8e7e8a8.pdf
  • https://static.usrfiles.com/ugd/d9d1f5_4445d2e34cee4f118ba5090b01a2636e.pdf
  • https://static.usrfiles.com/ugd/b8c837_321509018dc64367ae7f55a15431404a.pdf
  • https://static.usrfiles.com/ugd/b85eb0_73d54b2279234704b412c5bec268242b.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.