Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=login+template+bootstrap+material+design

  • https://bbbootstrap.com/snippets/embed/login-form-material-design-icons-45864640
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static.usrfiles.com/ugd/46a5ae_b8bb4fa99c03438e97fc7cbbddd2fe3e.pdf
  • https://static.usrfiles.com/ugd/fdee49_5d6e85aed7fb485993214eeab317d15a.pdf
  • https://static.usrfiles.com/ugd/3bca44_28e14ea8b8004146bffe45d1f88b6037.pdf
  • https://static.usrfiles.com/ugd/144d27_7cb10424b9fa4a409630254f124d285c.pdf
  • https://static.usrfiles.com/ugd/3fc21f_b6c6b0a7069747368030174a99f7907a.pdf
  • https://static.usrfiles.com/ugd/85d67f_8be61edbe1844907b23b1d46731533ec.pdf
  • https://static.usrfiles.com/ugd/a91264_f6d91d8347af49d1a5af43ad6e0a5679.pdf
  • https://cdn.shopify.com/s/files/1/0429/9368/0547/files/gomizinofubun.pdf
  • https://cdn.shopify.com/s/files/1/0456/5270/5447/files/angular_material_card_template.pdf
  • https://cdn.shopify.com/s/files/1/0440/0598/2366/files/9424722260.pdf
  • https://cdn.shopify.com/s/files/1/0433/0687/7080/files/46456123156.pdf
  • https://static.usrfiles.com/ugd/53c654_39306327dce14b5c81c97c6a44311d84.pdf
  • https://static.usrfiles.com/ugd/66c878_193c7d2ab6a949748e4b937ee57febc7.pdf
  • https://static.usrfiles.com/ugd/cc3ca9_d218a07f3d304d3b9fb2ed4146d8afae.pdf
  • https://static.usrfiles.com/ugd/c1de29_38eef3cbd0f145fc9189d91a32a43b9c.pdf
  • https://static.usrfiles.com/ugd/b8c837_f97fa90c669740a3bcc3e42ca525cfbf.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.