Malicious PDF — malware analysis report

Static analysis result for SHA-256 1989b015f61929d0…

Verdict: MALICIOUS
File type: PDF
Size: 34.2 KB
Created: 2020-09-20 15:53:04 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c99185de0bf1a7dbf1fa57329258ef06
SHA-1: ef26bafc7adedb7d9c16882b53438044c69b5515
SHA-256: 1989b015f61929d090fe061f7cc9ef0a5ec2820c1a8ba0720a0a6ff04aa60467
Risk Score: 154

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it directs users to malicious infrastructure. The embedded URL https://ttraff.me/wix?keyword=hansen+%2526+adkins+auto+transport+jobs is the primary indicator of this malicious redirection. The PDF also contains a large number of external links, flagged by PDF_SEO_LINK_FARM, suggesting a link farm or SEO poisoning attempt, with one such link pointing to a Shopify domain. The ML classifier also strongly flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF_MALICIOUS_REDIRECTOR_LINK (critical): PDF links to known malicious redirector infrastructure
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF_DUPLICATE_OBJ_BODY_INCREMENTAL (info): Object number defined twice with different bodies
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://ttraff.me/wix?keyword=hansen+%2526+adkins+auto+transport+jobs

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | SHA-256 | Kind | Source | Size
font_00_sfnt_off00004b2a.bin | b86e8cf1acd29fa3c05e6a1d718c45fc346e516f70ec6f8a7dcef9d3c749b173 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4B2A | 4504 bytes
font_01_sfnt_off00005a7f.bin | 375ecd77aa0915b24432edf9f4f883c305a9884b8e6ff92eafda2421dec9b18f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A7F | 9960 bytes