Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.cc/pify?keyword=ms+access+application+free

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0434/0174/0439/files/bse_odisha_history_book.pdf
  • https://cdn.shopify.com/s/files/1/0459/2585/9495/files/carpal_tunnel_exercises_after_surgery.pdf
  • https://cdn.shopify.com/s/files/1/0432/8354/6267/files/wavovizexodufa.pdf
  • https://static.usrfiles.com/ugd/b8c837_e0c3c45da79249788ec0ee31b601bc21.pdf
  • https://static.usrfiles.com/ugd/409ca8_3d9250b902dc4ef88d853ad06f519f9e.pdf
  • https://static.usrfiles.com/ugd/b8c837_d9409c01551b4dadba2efda7128ec2df.pdf
  • https://static.usrfiles.com/ugd/bd5c68_c5b51251fff54d64897bdd5c2349f918.pdf
  • https://static.usrfiles.com/ugd/b8c837_51de7105e05e4e798e6da468956b3eb4.pdf
  • https://static.usrfiles.com/ugd/0f1814_fb86b23aa2d24186ad2f6dadd7490814.pdf
  • https://static.usrfiles.com/ugd/b8c837_b6119add9b6548a69bda4b1565afe2f1.pdf
  • https://static.usrfiles.com/ugd/5438e3_943cf6447c254850ac28ff73c6bc0e0f.pdf
  • https://static.usrfiles.com/ugd/191a6d_466dd7773ca241d5bdffe8ac1ce54624.pdf
  • https://static.usrfiles.com/ugd/b8c837_7d10fabd072346dda4cf7dba52b25347.pdf
  • https://static.usrfiles.com/ugd/49be48_ef9a9986297441aab63bd1ec6085741c.pdf
  • https://static.usrfiles.com/ugd/b8c837_23a6596119524cc8bfee711c6534483c.pdf
  • https://static.usrfiles.com/ugd/a43ec6_ca9fea5782614649af8c38e7071fa2b8.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.