Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=2008+honda+shadow+owners+manual

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://fe9376ad-ae9f-47f6-a1d4-e7eb3a72cb48.filesusr.com/ugd/4329d7_9e8048efc06042c1b2e4ab6c9903867c.pdf?index=true
  • https://1a3a9082-bba5-418b-9eea-0ca8c39cd07f.filesusr.com/ugd/04e6f9_9a7ed084f2e74da2803f5883ee338144.pdf?index=true
  • https://ea7f6f7b-ee76-4982-9ac8-70fca99af599.filesusr.com/ugd/96564c_ae73b14d109a47a0bfc81efd33e7e8dd.pdf?index=true
  • https://749e455f-6c97-48d7-8f7d-37030cdd4792.filesusr.com/ugd/2b25b5_7cc7549f940f4703971e4f729bd736e7.pdf?index=true
  • https://d0c13074-03b3-4d7c-824b-5ed3947f5177.filesusr.com/ugd/7e6083_4b5ee3d3308e41c6b7d34c18f7ba0935.pdf?index=true
  • https://2e6921c5-b61d-4a77-a599-37a136a6bbed.filesusr.com/ugd/b41a9a_02712f9167244e4a86fed0ef0b1a7648.pdf?index=true
  • https://bb57c9dd-c73b-4a2f-bbef-7a70b8f4e5e3.filesusr.com/ugd/735424_0a04d198ac894b4b89ec0076841899ad.pdf?index=true
  • https://40b08393-5ef4-4d58-a62b-d82ef2cc7b0c.filesusr.com/ugd/7cefa9_9f782048bcac42ada89ccfdd90b1d077.pdf?index=true
  • https://621d63e4-0a09-4f1c-a1a7-374daea6e98d.filesusr.com/ugd/c8683e_f7040d872eba4d8a9bea69f80f6ac4cc.pdf?index=true
  • https://8ff7c95f-7d2c-4b9e-844e-e09069d42dcb.filesusr.com/ugd/cc14e4_128b2f298d7448e1b18022bc71438b69.pdf?index=true
  • https://06fbae07-2f00-45e1-b294-b5561b96385f.filesusr.com/ugd/221eaa_1aa604ffbbc84818b279709e2ea1981f.pdf?index=true
  • https://d7eee598-d4fd-4889-a95c-31ad9b8c3f10.filesusr.com/ugd/9904c2_97752e3d6bb84854bd179ef7bf51c806.pdf?index=true
  • https://109274d6-7519-4ec7-8e8c-6c95c6388d9b.filesusr.com/ugd/cc03df_3bab83e2626847358cc99c4da48625ca.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.