Malicious PDF — malware analysis report

Static analysis result for SHA-256 2846c9db83825fc4…

MALICIOUS

PDF

Size: 37.9 KB  Created: 2020-10-29 14:54:01 +02:00  Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 8700452471d095672d27bd66409f16b2 SHA-1: 1e3f02ec1fc9323cd9db95a5f59fdf2eb329f2aa SHA-256: 2846c9db83825fc4504c9ec3168919cb58413a5ffdc293773b8cfcf1293a5477
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains embedded links, one of which points to known malicious redirector infrastructure. The document body, though heavily obfuscated, includes text that appears to be a lure for a 'weighted mean worksheet pdf'. The presence of numerous external PDF links, many with numeric slugs, suggests a link farm or SEO-manipulation tactic used to distribute malicious content. The ML classifier also scored the file as malicious (1.0000).

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 4

  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://ttraff.cc/123?keyword=weighted+mean+worksheet+pdf (redirector link flagged above; the keyword parameter matches the lure text)
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/781cd251-0c2c-4d5c-b2d2-ebd15ca74ebf/warorosetufesababeze.pdf
    • https://cdn.shopify.com/s/files/1/0492/7045/6476/files/21088519556.pdf
    • https://uploads.strikinglycdn.com/files/dce4c229-1e71-42c0-8cee-7afea47d5729/99271695771.pdf
    • https://uploads.strikinglycdn.com/files/cc19d65f-0d0f-4835-a737-f7bc8cde1440/suzivenafufawizavilu.pdf
    • https://cdn.shopify.com/s/files/1/0493/6758/0831/files/north_pocono_high_school_phone_number.pdf
    • https://cdn.shopify.com/s/files/1/0496/1006/4036/files/concurrent_forces_in_a_plane.pdf
    • https://uploads.strikinglycdn.com/files/27997ce9-383b-4f17-b81c-d9c7faa0e5a2/37671182452.pdf
    • https://uploads.strikinglycdn.com/files/19cb3d92-af60-43b7-8013-ea14adc8e758/moxefovok.pdf
    • https://uploads.strikinglycdn.com/files/42f75822-6343-477f-b9fa-9c2f28ad092b/the_pelican_brief.pdf
    • https://cdn.shopify.com/s/files/1/0486/3616/6312/files/datelamomiguma.pdf
    • https://cdn.shopify.com/s/files/1/0440/8714/8696/files/vawuxedaxusozunabafepo.pdf
    • https://cdn.shopify.com/s/files/1/0502/6729/1816/files/87451590002.pdf
    • https://uploads.strikinglycdn.com/files/80e6818e-fe3b-4359-a0d7-5799c8adf941/lagadikegobadimu.pdf
    • https://cdn.shopify.com/s/files/1/0434/8303/7860/files/43328601784.pdf
    • https://cdn.shopify.com/s/files/1/0492/0210/2436/files/bukhari_hadith_bangla_download.pdf
    • https://cdn.shopify.com/s/files/1/0440/1584/5541/files/custom_listview_with_baseadapter_in_android_studio.pdf
    • https://uploads.strikinglycdn.com/files/646f5800-a035-4dc7-87a4-bf5f2069d927/guninifagekobejume.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are RDF/Dublin Core/Adobe XMP namespace identifiers and the SIL Open Font License URL from embedded metadata, not clickable link targets; only the URI entries reached through link annotations count toward the two link heuristics.
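The three PDF heuristics above (redirector /URI extraction, the small-file link-farm shape, and an object number defined twice with different bodies) can be reproduced with a short byte-level scanner. The block below is an added example written for this page, not the analysis platform's own detection code: the thresholds in link_farm are assumptions, the sample PDF is constructed inline (fictitious example.com/example.net hosts and slugs; only the ttraff.cc URL is taken from the report above), and the scanner deliberately handles only literal-string /URI values and plain (non-object-stream) objects.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Byte-level regexes: indirect object definitions ("N G obj ... endobj") and
# the literal-string form of /URI in link annotations. Hex-string URIs
# (/URI <...>) and objects inside object streams are not handled here.
OBJ_RE = re.compile(rb"(?<![0-9.])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
# Dictionary keys that make a duplicated object "active content" (assumed list).
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction", b"/AA",
               b"/URI", b"/SubmitForm")


def extract_uris(pdf: bytes) -> list[str]:
    """Every /URI literal string in the file, in file order, escapes undone."""
    uris = []
    for m in URI_RE.finditer(pdf):
        raw = re.sub(rb"\\([\\()])", rb"\1", m.group(1))  # \\ \( \) -> \ ( )
        uris.append(raw.decode("latin-1"))
    return uris


def link_farm(uris, size_bytes, max_size=64 * 1024, min_pdf_links=8,
              cluster_ratio=0.5):
    """Shape of PDF_SEO_LINK_FARM: a small file carrying many external .pdf
    links, most of them on a single host. Thresholds are assumptions."""
    pdf_links = [u for u in uris
                 if u.lower().startswith(("http://", "https://"))
                 and urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    flagged = (size_bytes <= max_size and len(pdf_links) >= min_pdf_links
               and top_n / len(pdf_links) >= cluster_ratio)
    return {"flagged": flagged, "pdf_links": len(pdf_links),
            "top_host": top_host, "top_host_links": top_n}


def duplicate_objects(pdf: bytes) -> list[tuple[int, int, bool]]:
    """(num, gen, active) for every object number defined more than once with
    a different body. active=True when either body carries an ACTIVE_KEYS
    entry; a first-wins and a last-wins reader resolve different content."""
    first, dupes = {}, {}
    for m in OBJ_RE.finditer(pdf):
        key = (int(m.group(1)), int(m.group(2)))
        body = m.group(3).strip()
        if key not in first:
            first[key] = body
        elif body != first[key]:
            active = any(k in first[key] or k in body for k in ACTIVE_KEYS)
            dupes[key] = dupes.get(key, False) or active
    return sorted((n, g, a) for (n, g), a in dupes.items())


def _link_annot(num: int, uri: str) -> bytes:
    return (f"{num} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
            f"/A << /S /URI /URI ({uri}) >> >>\nendobj\n").encode()


def build_sample_pdf() -> bytes:
    """Constructed stand-in for the report's sample. The xref table and
    trailer are omitted: the regex checks do not need them (a viewer would)."""
    redirector = "https://ttraff.cc/123?keyword=weighted+mean+worksheet+pdf"
    farm = [f"https://cdn.example.com/s/files/{41000000000 + 7919 * n}.pdf"
            for n in range(9)]
    farm += [f"https://uploads.example.net/files/doc{n}.pdf" for n in range(3)]
    annots = [_link_annot(10 + i, u) for i, u in enumerate([redirector] + farm)]
    refs = " ".join(f"{10 + i} 0 R" for i in range(len(annots)))
    original = (
        "%PDF-1.4\n"
        "1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
        "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
        f"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [{refs}] >>\nendobj\n"
        "4 0 obj\n<< /Producer (wkhtmltopdf 0.12.5) "
        "/ModDate (D:20201029145401+02'00') >>\nendobj\n"
    ).encode() + b"".join(annots)
    # Incremental update appended after the original body: 4 0 is redefined
    # with only a new /ModDate (benign, body-only difference), 10 0 is
    # redefined with a different /URI (active content, severity raised).
    update = (
        "4 0 obj\n<< /Producer (wkhtmltopdf 0.12.5) "
        "/ModDate (D:20201030090000+02'00') >>\nendobj\n"
        "10 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        "/A << /S /URI /URI (https://cdn.example.com/s/files/benign.pdf) >> >>\n"
        "endobj\n"
    ).encode()
    return original + update + b"%%EOF\n"


def analyze(pdf: bytes) -> dict:
    uris = extract_uris(pdf)
    return {"uris": uris, "link_farm": link_farm(uris, len(pdf)),
            "duplicate_objects": duplicate_objects(pdf)}


if __name__ == "__main__":
    for key, value in analyze(build_sample_pdf()).items():
        print(key, value)
```

On the constructed file, duplicate_objects reports 4 0 as a benign body-only duplicate and 10 0 as an active one, which is exactly the distinction PDF_DUPLICATE_OBJ_BODY_INCREMENTAL makes when deciding whether to raise severity; which of the two 10 0 bodies a given viewer honours depends on whether it trusts the (missing here) xref or rebuilds by scanning, so a triage tool should surface both URIs rather than one.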

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                     Size
font_00_sfnt_off0000522a.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x522A  5592 bytes
  SHA-256: a48a189af307747b1178e491007467bb0780222639f95b959e6e0c19177ca169
font_01_sfnt_off00006519.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x6519  11948 bytes
  SHA-256: 974f89ba68c07ec0495f5d7cd207020854f3ae2b19c21aeaeac4610490cc2bb6