Malicious PDF — malware analysis report

Static analysis result for SHA-256 130502d82589015b…

MALICIOUS

File type: PDF
Size: 41.7 KB
Created: 2020-09-17 08:12:59 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: f8bbb9dd4697029c24e68cade4beb077
SHA-1: b5a930d5aa86d89babfb0a760a0e1746a750a495
SHA-256: 130502d82589015b1ecc0aea0cab1ea2e5d5b4b176214418a7402a4bf8324f87
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by a machine learning classifier and contains a clickable link to a known malicious redirector. It also carries a large number of embedded links, mostly to other PDF files on filesusr.com subdomains, which matches a generated SEO link-farm carrier built to route users to malicious or unwanted content rather than a document with a normal citation pattern. The authoring metadata (wkhtmltopdf via Qt, an HTML-to-PDF converter) is consistent with a generated carrier rather than a hand-authored document. The document body is heavily obfuscated and contains the malicious URL. No PDF parser exploit is involved: the delivery relies on the user clicking through a redirect chain.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK)
    The PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. Documents of this kind rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    A small PDF contains many clickable external PDF links, mostly clustered on one host (here, filesusr.com subdomains). This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, not a normal document citation pattern.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; which channel (macro, JS, link annotation, document body, ...) reached each URL is recorded as a per-URL label. The w3.org, purl.org and ns.adobe.com entries below are XMP metadata namespace identifiers, and the scripts.sil.org/OFL and ascendercorp.com entries most likely come from the embedded fonts' licence and vendor metadata; none of these are clickable links.
    • https://ttraff.me/wix?keyword=int+cannot+be+dereferenced+java+%25D0%25BE%25D1%2588%25D0%25B8%25D0%25B1%25D0%25BA%25D0%25B0
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://330503e5-3ada-417e-a3b0-37258d07ce66.filesusr.com/ugd/b27199_01f927cd09344c648b2d1577296bb74f.pdf?index=true
    • https://80575ec1-ae5b-4f0e-ab6d-9de5b27bed01.filesusr.com/ugd/e643da_c3198a59ce254b1186f096d4412a9967.pdf?index=true
    • https://0db97020-3f2a-41ad-b8f4-2fa943e95669.filesusr.com/ugd/031dda_3996a967a236472e87fee6a0fe19c1c0.pdf?index=true
    • https://0f6e462a-77aa-4ca1-a15d-64fc6c0869f9.filesusr.com/ugd/451a43_9fbde894016449c090b15dccc003f0ca.pdf?index=true
    • https://cdn.shopify.com/s/files/1/0432/7600/9622/files/gaudy_night_dorothy_l._sayers.pdf
    • https://cdn.shopify.com/s/files/1/0431/6731/8167/files/lurig.pdf
    • https://cdn.shopify.com/s/files/1/0486/0087/5173/files/pupamejekujemupiderufebif.pdf
    • https://cdn.shopify.com/s/files/1/0432/7922/0891/files/19818530769.pdf
    • https://cdn.shopify.com/s/files/1/0433/9462/9788/files/qia_wow_classic.pdf
    • https://52711283-73bb-42fb-adc7-4efa98c7079f.filesusr.com/ugd/43d598_5f4afb3f4f3e49cb8ed8b78f5b067ee5.pdf?index=true
    • https://5abf8ccd-784c-4a49-a8fc-ce1d3a940ffd.filesusr.com/ugd/89441e_c0fc6b9291b44fdd95e709d604fa73f7.pdf?index=true
    • https://e8c9836d-328f-430a-a8ef-adc2e832ae5f.filesusr.com/ugd/9058e5_0a4d07719ac44b39870e677cca006a4d.pdf?index=true
    • https://5de74dab-1b64-45ee-9bfc-64076b877f63.filesusr.com/ugd/595093_68fa166ee259412b988c3ce3db34d371.pdf?index=true
    • https://98b2f34c-e271-421c-bb69-ea3542db0748.filesusr.com/ugd/54e393_edee05a088a9498998aabc8e0fbe3c99.pdf?index=true
    • https://314f486e-dd3b-4ee1-afa7-f86612257c2b.filesusr.com/ugd/5f4192_b454651e9042469aa6e5a298b337b58e.pdf?index=true
    • https://2d035f47-e76b-4d51-b81d-0181e970c2da.filesusr.com/ugd/99965f_c8d50e26910143ee8a50fdfec722ed7c.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
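The heuristics above, as an added example that is not code from the report's analyzer: a Python script that scans raw PDF bytes for clickable /URI actions, separates them from URLs that merely appear somewhere in the file (such as XMP namespaces), scores the link-farm shape by clustering .pdf targets per parent domain, checks clickable hosts against a redirector denylist, and finds objects defined twice with different bodies, showing what a first-wins and a last-wins reader would each resolve. The sample PDF, the `.invalid` hosts, the thresholds and the denylist are constructed assumptions.

```python
"""
Added example re-implementing the report's PDF heuristics over raw bytes:
clickable /URI extraction versus generic URL extraction, link-farm clustering,
a redirector denylist, and duplicate object bodies (first-wins vs last-wins).
Not the analyzer's own code; the sample PDF, the thresholds and the redirector
host list are constructed assumptions.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

REDIRECTOR_HOSTS = {"redirector.invalid"}  # assumed denylist, not real intel

# "N G obj ... endobj" by linear scan. Real streams may contain "endobj", so a
# production parser must honour /Length; this toy does not.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)  # literal strings only
URL_RE = re.compile(rb"https?://[^\s\"'<>()]+")


def link(num, url):
    """Build one link-annotation object (helper for the constructed sample)."""
    return b"%d 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (%s) >> >> endobj\n" % (num, url)


# Constructed sample, NOT the analysed file: five .pdf links spread over
# subdomains of one parent domain, a link to the assumed redirector host, an XMP
# namespace URL in metadata (not clickable), and object 4 redefined with a
# different body by an appended incremental update.
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 11 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R 7 0 R 8 0 R 9 0 R 10 0 R] >> endobj\n",
    link(4, b"http://www.example.invalid/about.html"),
    link(5, b"https://aaaa.files.invalid/ugd/one.pdf?index=true"),
    link(6, b"https://aaaa.files.invalid/ugd/two.pdf?index=true"),
    link(7, b"https://bbbb.files.invalid/ugd/three.pdf?index=true"),
    link(8, b"https://cccc.files.invalid/ugd/four.pdf?index=true"),
    link(9, b"https://cdn.shop.invalid/files/five.pdf"),
    link(10, b"https://redirector.invalid/wix?keyword=int+cannot+be+dereferenced"),
    b"11 0 obj << /Type /Metadata /Subtype /XML /Length 60 >> stream\n",
    b'<x xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"/>\n',
    b"endstream endobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
    link(4, b"https://redirector.invalid/wix?keyword=second+target"),  # incremental update
    b"trailer << /Root 1 0 R /Prev 9 >>\n%%EOF\n",
])


def iter_objects(data):
    """Yield ((num, gen), body) for every object definition, in file order."""
    for m in OBJ_RE.finditer(data):
        yield (int(m.group(1)), int(m.group(2))), m.group(3).strip()


def duplicate_objects(data):
    """{(num, gen): [bodies]} for objects defined more than once with differing bytes."""
    seen = {}
    for key, body in iter_objects(data):
        seen.setdefault(key, []).append(body)
    return {k: v for k, v in seen.items() if len(set(v)) > 1}


def resolve(data, key, last_wins=True):
    """Body a first-wins or last-wins linear-scan reader sees for one object.
    Spec-conformant readers walk the xref /Prev chain, which normally also
    yields the newest (last) definition."""
    bodies = [b for k, b in iter_objects(data) if k == key]
    return (bodies[-1] if last_wins else bodies[0]) if bodies else None


def extract_link_uris(data):
    """Targets of clickable /URI actions: the link-annotation channel."""
    uris = []
    for m in URI_RE.finditer(data):
        raw = m.group(1)
        for esc, ch in ((b"\\(", b"("), (b"\\)", b")"), (b"\\\\", b"\\")):
            raw = raw.replace(esc, ch)  # minimal unescaping; order is simplistic
        uris.append(raw.decode("latin-1"))
    return uris


def urls_anywhere(data):
    """Generic channel: every URL-looking token, including XMP namespace URIs
    that are metadata rather than links."""
    return sorted({m.group(0).decode("latin-1") for m in URL_RE.finditer(data)})


def parent_domain(url):
    """Last two host labels as a stand-in for the registrable domain
    (assumption: no public-suffix list available)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def link_farm_verdict(uris, file_size, max_size=64 * 1024, min_pdf_links=5, min_share=0.5):
    """PDF_SEO_LINK_FARM shape: small file, many external .pdf targets, most on
    one parent domain. The three thresholds are assumptions."""
    pdf_links = [u for u in uris if urlsplit(u).path.lower().endswith(".pdf")]
    domains = Counter(parent_domain(u) for u in pdf_links)
    top, n = domains.most_common(1)[0] if domains else ("", 0)
    share = n / len(pdf_links) if pdf_links else 0.0
    return {"pdf_links": len(pdf_links), "top_domain": top, "top_share": round(share, 2),
            "flagged": file_size <= max_size and len(pdf_links) >= min_pdf_links and share >= min_share}


def redirector_links(uris, hosts=REDIRECTOR_HOSTS):
    """PDF_MALICIOUS_REDIRECTOR_LINK shape: a clickable URI to a denylisted host."""
    return [u for u in uris if urlsplit(u).hostname in hosts]
```

Compare `extract_link_uris(SAMPLE_PDF)` with `urls_anywhere(SAMPLE_PDF)`: the XMP namespace URL shows up only in the generic channel, which is exactly the distinction the EMBEDDED_URL entry's per-URL labels draw, and `resolve(SAMPLE_PDF, (4, 0), last_wins=False)` versus the default last-wins call shows the two different link targets a confused reader pair would follow. Real files additionally need /Length-aware stream handling, hex-string and UTF-16 /URI forms, object streams, and a public-suffix list for the domain clustering.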

Extracted artifacts (2)

Files carved from inside the sample during analysis. Offsets are positions in the PDF file; note that 0x61CC plus 5736 bytes already passes 0x7483, so the sizes cannot be raw in-file stream lengths and are most plausibly the decoded (post-filter) lengths of the carved font data.

Filename                      Kind             Source                                      Size
font_00_sfnt_off000061cc.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x61CC   5736 bytes
  SHA-256: a989976f69c55a7193347c42bc90da25b5091a0e81121571913facf736d495bf
font_01_sfnt_off00007483.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x7483   10440 bytes
  SHA-256: 7610c1175ed41c5fb7b34e391a1784e39c3e489506c84fedd1d0bfc288cfbda8
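How a carver produces a table like the one above, as an added example that is not the analyzer's code: scan for stream objects, cut each stream at its direct /Length rather than at the `endstream` keyword, inflate FlateDecode streams, keep the ones that start with an sfnt magic, and record both the bytes the stream occupies in the file and the decoded size. The sample PDF and both fonts are constructed; the file naming mirrors the table, but whether the recorded offset is that of the object or of the stream data is an assumption, as is handling only direct /Length values and the FlateDecode filter.

```python
"""
Added example, not the analyzer's own code: carve embedded sfnt fonts (TrueType,
OpenType) out of a PDF by scanning for stream objects, honouring /Length and
inflating FlateDecode streams, then checking the sfnt magic. The sample PDF and
both fonts are constructed; only direct /Length values and the FlateDecode
filter are handled.
"""
import hashlib
import re
import struct
import zlib

SFNT_MAGIC = {b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf"}
STREAM_START = re.compile(rb"(?<!end)stream\r?\n")
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")  # direct integers only


def fake_sfnt(version, payload):
    """Minimal sfnt: offset table with one 'head' record, then payload (constructed)."""
    header = struct.pack(">4sHHHH", version, 1, 16, 0, 0)
    record = struct.pack(">4sIII", b"head", 0, 28, len(payload))
    return header + record + payload


FONT_A = fake_sfnt(b"\x00\x01\x00\x00", b"A" * 300)  # TrueType flavour, stored deflated
FONT_B = fake_sfnt(b"OTTO", b"B" * 64)               # CFF flavour, stored raw
COMP_A = zlib.compress(FONT_A)

# Constructed sample PDF: one text stream (not a font), one FlateDecode font
# stream and one uncompressed font stream.
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n",
    b"2 0 obj << /Length 5 >> stream\nhello\nendstream endobj\n",
    b"3 0 obj << /Length %d /Filter /FlateDecode /Length1 %d >> stream\n" % (len(COMP_A), len(FONT_A)),
    COMP_A, b"\nendstream endobj\n",
    b"4 0 obj << /Length %d >> stream\n" % len(FONT_B),
    FONT_B, b"\nendstream endobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
])


def iter_streams(data):
    """Yield (data_offset, stream_dict, raw_bytes) for each stream object."""
    for m in STREAM_START.finditer(data):
        dict_start = data.rfind(b"obj", 0, m.start())
        sdict = data[dict_start + 3:m.start()]
        length = LENGTH_RE.search(sdict)
        if length:
            end = m.end() + int(length.group(1))
        else:  # indirect /Length: fall back to the keyword (breaks on binary streams)
            end = data.find(b"endstream", m.end())
        yield m.end(), sdict, data[m.end():end]


def carve_fonts(data):
    """Return one record per sfnt font stream, shaped like the artifacts table."""
    found = []
    for off, sdict, raw in iter_streams(data):
        try:
            body = zlib.decompress(raw) if b"/FlateDecode" in sdict else raw
        except zlib.error:
            continue  # truncated or mislabelled stream: skip rather than crash
        if body[:4] not in SFNT_MAGIC:
            continue
        found.append({
            "filename": "font_%02d_sfnt_off%08x.bin" % (len(found), off),
            "sha256": hashlib.sha256(body).hexdigest(),
            "offset": off,            # of the stream data in the file (assumption)
            "stream_len": len(raw),   # bytes the stream occupies in the file
            "size": len(body),        # decoded size, what gets written to disk
        })
    return found
```

For the deflated font, `size` exceeds `stream_len`, which is why offset-plus-size of consecutive entries in a table like the one above need not tile the file. The carved body, not the raw stream, is what to hash and what to feed to a font parser when checking whether an embedded font is itself malicious.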