Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.cc/wix?keyword=security+alarm+tampering+detected+pl

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static.usrfiles.com/ugd/3aee12_9fea2aa3657b4a908077cdcfb9e3ca22.pdf
  • https://static.usrfiles.com/ugd/eda9ba_f7bbf8e9c9904cb590def5ec8ab35219.pdf
  • https://static.usrfiles.com/ugd/b8c837_905df093d5004ff2890dfef871bb503e.pdf
  • https://cdn.shopify.com/s/files/1/0431/0568/1562/files/amort_chart_in_excel.pdf
  • https://cdn.shopify.com/s/files/1/0461/9131/3059/files/new_movies_2019_bollywood_in_tamil.pdf
  • https://cdn.shopify.com/s/files/1/0428/2292/6492/files/wordly_wise_3000_book_5_lesson_20.pdf
  • https://cdn.shopify.com/s/files/1/0447/4395/0490/files/greenland_ice_sheet_july_2019.pdf
  • https://cdn.shopify.com/s/files/1/0433/7985/1414/files/logolotonupamunakeka.pdf
  • https://static.usrfiles.com/ugd/fac845_c05068ae9a5a4f6b865df5b1eb0ccfc3.pdf
  • https://static.usrfiles.com/ugd/b8c837_ce63b69f24a0449dbed244ece44d484c.pdf
  • https://static.usrfiles.com/ugd/6cf392_dea86ae8fc83432e8db9a045a9d9b53e.pdf
  • https://static.usrfiles.com/ugd/5b9a87_33866a2574154b0984ba46cf22214db0.pdf
  • https://static.usrfiles.com/ugd/c836c3_981da72915fd41df97c2b51f3e661bd7.pdf
  • https://cdn.shopify.com/s/files/1/0433/4315/1272/files/899057395.pdf
  • https://cdn.shopify.com/s/files/1/0434/0475/5096/files/visual_auditory_kinesthetic_test_for_students.pdf
  • https://cdn.shopify.com/s/files/1/0434/8297/2326/files/weramonovapazewilepuda.pdf
  • https://cdn.shopify.com/s/files/1/0438/3503/1712/files/joxenixutubasud.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.