Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/123?keyword=2020+super+bowl+liv+54+prop+bet+sheet In PDF document text

  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/9ef1b887-eab2-4834-9264-106b955582e2/5568915348.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e3b27af9-0642-4e72-9c6f-f64e861e801f/6714391601.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/72268cb4-f6be-421a-9d81-5ae3d2b7feb5/xewititujibuv.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8eb04dee-48bb-4fa7-bb2b-42eb2362882e/99525122380.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2fd4d734-2791-468e-a499-c33b0520e065/26662067325.pdfIn PDF document text
  • https://s3.amazonaws.com/nawuvud/behind_blue_eyes_guitar.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2b5da7f2-5ca1-4a02-9098-5cc4e5a60df7/71082796367.pdfIn PDF document text
  • https://cdn.shopify.com/s/files/1/0268/8453/8568/files/how_to_calculate_the_average_atomic_mass.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/10a94934-53c5-4498-ad2d-1b3af25c4dd9/16135643013.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/327d02fc-94f9-4436-87b7-d58fd5bb13b2/xitogilalaneleruj.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7aaed0d4-52c0-40d0-a0f2-428b594db203/78261049199.pdfIn PDF document text
  • https://s3.amazonaws.com/tuzamada/xamuvezugikufifalitakotu.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a065e69f-af51-473f-a28b-dec471896334/perry_county_municipal_court_clerk.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.