Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/pify?keyword=german+dog+commands+translation

  • http://bidubama.gretchenwilliamsyoga.com/uploads/1/3/2/3/132303382/naxelowusu_gipubabufap.pdf
  • http://files.tishatinsmanphotography.com/uploads/1/3/1/4/131411474/bidanoximemova.pdf
  • http://files.syzygydanceproject.org/uploads/1/3/1/3/131398428/lefeguzofegixogo.pdf
  • http://tatalowej.oceangateyachtbasin.com/uploads/1/3/2/8/132814261/6278004.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://08ef5a49-cc04-4ac8-8dac-67e1232cf526.filesusr.com/ugd/370ea2_74424ec7580547a3aaf24c68b028e595.pdf?index=true
  • https://902604b1-cbcf-4854-99d1-81d6b4397573.filesusr.com/ugd/9ea91e_dcb44ffa867f4266b1564098d086fc24.pdf?index=true
  • https://2187dcc1-4cf8-40fc-935c-2967aa27e719.filesusr.com/ugd/b28ae2_ae2fbd90523043c3bc0805c0cc23957b.pdf?index=true
  • https://cd929a4a-1e79-489b-a5fb-5d3dfbbb3130.filesusr.com/ugd/3ed902_2861e0412e5e4bd9a96adfa47ad40940.pdf?index=true
  • https://84d9faf7-9f61-4332-ad2a-ff09f30ca968.filesusr.com/ugd/2c76f4_ce1ec886d4a0495082388808e5fade2d.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0436/1935/2740/files/dipato.pdf
  • https://cdn.shopify.com/s/files/1/0463/2733/3019/files/60981290504.pdf
  • https://cdn.shopify.com/s/files/1/0433/0687/7080/files/godikuka.pdf
  • https://cdn.shopify.com/s/files/1/0432/8616/7702/files/ceresit_cn_69.pdf
  • https://b01f80b0-f2d1-4eec-a41d-63ef046fdd15.filesusr.com/ugd/af0aa9_339e9404283e4da1a587930d665f937e.pdf?index=true
  • https://02ec7a76-3dcf-4be6-86f3-e26336878373.filesusr.com/ugd/5a4aad_772b514e6cb34d9086a77c012fc0c6fd.pdf?index=true
  • https://aa40fa03-df43-4734-9ccd-9fd4f96b3a2e.filesusr.com/ugd/8b49c6_ca640d3a530e438f88615304b910f035.pdf?index=true
  • https://f8fca7b4-8c55-4bca-943b-9e37396f343d.filesusr.com/ugd/2ca22b_60328108c6a24c58bd9fcbd4e05d1966.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.