Malicious PDF — malware analysis report

Heuristics 7

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Recovery secret / private key request critical SE_SECRET_RECOVERY_LURE
  Document requests recovery phrases, private keys, backup codes, or saved passwords. Requests for these secrets in a document are high-risk.
• Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LURE
  Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
• Remote-support tool lure high SE_REMOTE_SUPPORT_LURE
  Document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect — high-risk in an unsolicited document
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=teamviewer+8+old+version

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0470/9659/4590/files/elopement_risk_assessment_template.pdf
  • https://cdn.shopify.com/s/files/1/0434/7301/0845/files/carlos_castaneda_knjige.pdf
  • https://cdn.shopify.com/s/files/1/0435/8314/4093/files/bases_nitrogenadas_y_acidos_nucleicos.pdf
  • https://cdn.shopify.com/s/files/1/0429/1769/1559/files/ubuntu_14._04_download.pdf
  • https://cdn.shopify.com/s/files/1/0438/4564/8546/files/zogofik.pdf
  • https://static.usrfiles.com/ugd/b8c837_7d10fabd072346dda4cf7dba52b25347.pdf
  • https://static.usrfiles.com/ugd/cb4a18_0244d6d781554d6f8a1ac8a5bd761fbd.pdf
  • https://static.usrfiles.com/ugd/4479ed_73dc236facb646b5aebac9496b0aea12.pdf
  • https://static.usrfiles.com/ugd/f14cf6_a8667e0a67504a3f899812fb5b5cf2ed.pdf
  • https://cdn.shopify.com/s/files/1/0465/3645/8399/files/56371820312.pdf
  • https://cdn.shopify.com/s/files/1/0430/9381/9541/files/sudulemukizumagadazewuno.pdf
  • https://cdn.shopify.com/s/files/1/0434/8801/8594/files/god_of_war_movie.pdf
  • https://cdn.shopify.com/s/files/1/0429/6556/5589/files/mercedes_190e_manual_transmission_swap.pdf
  • https://cdn.shopify.com/s/files/1/0428/9835/8432/files/koxumugude.pdf
  • https://cdn.shopify.com/s/files/1/0465/8331/6647/files/catastrophism_gradualism_uniformitarianism_volcanoes.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.