Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/wix?keyword=ati+ipx+400

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0439/7744/1438/files/kudelamu.pdf
  • https://cdn.shopify.com/s/files/1/0431/5247/4280/files/skf_rolling_bearings_catalogue.pdf
  • https://cdn.shopify.com/s/files/1/0429/7624/7971/files/64064596854.pdf
  • https://static.usrfiles.com/ugd/b8c837_b08ff53c2f6d423aa3e356dd50584849.pdf
  • https://static.usrfiles.com/ugd/409ca8_285decc7d69846689ea7fab07e7ac112.pdf
  • https://static.usrfiles.com/ugd/b8c837_c1c55af24b0a4521af701ff3025378bd.pdf
  • https://static.usrfiles.com/ugd/39cb9d_b13b03e259064c088c415d759ca8a86a.pdf
  • https://static.usrfiles.com/ugd/c3f88d_4fd93d27bbce48c2b4c11d6ebb037b1f.pdf
  • https://cdn.shopify.com/s/files/1/0432/5464/4894/files/gunalumivobije.pdf
  • https://cdn.shopify.com/s/files/1/0431/5018/0503/files/anticresis_definicion.pdf
  • https://cdn.shopify.com/s/files/1/0437/5193/2065/files/jorali.pdf
  • https://cdn.shopify.com/s/files/1/0434/4446/9927/files/beguximoka.pdf
  • https://cdn.shopify.com/s/files/1/0438/0203/4336/files/41687417355.pdf
  • https://static.usrfiles.com/ugd/b8c837_de39db9160a14e5b852ed7e15ec69196.pdf
  • https://static.usrfiles.com/ugd/83b1b3_02e6e2a1e3b04207a8063fa0a575bc3f.pdf
  • https://static.usrfiles.com/ugd/b8c837_7ca9236a8cce4246a9ea33e387d48a58.pdf
  • https://static.usrfiles.com/ugd/de02f3_a420bb3aaae441d5b36490f66f772fce.pdf
  • https://static.usrfiles.com/ugd/74c34a_978a8bd5268e4a35a9591ef49f71e92b.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.