Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.cc/wix?keyword=boogie+woogie+country+girl+piano+sheet

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static.usrfiles.com/ugd/cdb50c_f2784886e3114db3a815f9dc248268d9.pdf
  • https://static.usrfiles.com/ugd/d7ba0f_41812a4b65d74ef3be720eba3670534c.pdf
  • https://static.usrfiles.com/ugd/3cb679_b9fa7866c9c04fb7b95e13d86e40b5dd.pdf
  • https://static.usrfiles.com/ugd/1e4819_11e2ab330cf34c889c6f5db3c71085ed.pdf
  • https://static.usrfiles.com/ugd/d79848_4e66469bfaf74ec9bcadbafe6c6f4c18.pdf
  • https://cdn.shopify.com/s/files/1/0431/7354/4093/files/80751748636.pdf
  • https://cdn.shopify.com/s/files/1/0433/9240/1571/files/zugemununejide.pdf
  • https://cdn.shopify.com/s/files/1/0429/2732/5343/files/kesepokan.pdf
  • https://static.usrfiles.com/ugd/4d935e_48597fa696cd4eed936d9dcae2b14a35.pdf
  • https://static.usrfiles.com/ugd/b8c837_fe21bb3b5f854e4bb769562a51c4d40a.pdf
  • https://static.usrfiles.com/ugd/4826f5_811d5eddb8de4f6dbe29a0a5eb9464ca.pdf
  • https://static.usrfiles.com/ugd/253000_90f5fe958084442e86ecdf974d7a23fa.pdf
  • https://static.usrfiles.com/ugd/b8c837_bec8430e06fd4bc1a8199ad3303ab3a3.pdf
  • https://static.usrfiles.com/ugd/b8c837_8ed5dcf84bea4e1887ed27bc043eac2f.pdf
  • https://static.usrfiles.com/ugd/b8c837_4cba7a58abf64994b0ba3370926cca9e.pdf
  • https://static.usrfiles.com/ugd/b8c837_e51e4b763c4d4ca480252d4b11fa2a4e.pdf
  • https://static.usrfiles.com/ugd/b8c837_b818b6c3533a4e4dbe5128b69367856b.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • https://creativecommons.org/l
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.