Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=facebook+unlimited+likes+apk+download

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://20fe6865-2c5e-4448-874b-4a6bb623b55a.filesusr.com/ugd/516793_fee6349f340744db83a633631a84789b.pdf?index=true
  • https://89a48184-b8c8-4c5e-b650-3a1aab2f352a.filesusr.com/ugd/8c0e65_1556849df3534b9485cde16337d4da19.pdf?index=true
  • https://33ec3420-ab41-4c48-95e6-6ce9ce8f8e6e.filesusr.com/ugd/fbccce_8b9e0f2064134ced88bada2ef9db3117.pdf?index=true
  • https://7c4ece19-f8c1-4623-a9fb-ad850443d526.filesusr.com/ugd/defd8a_604bb8da7b824f3c9904eae5030d1709.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0430/7196/3296/files/xofenovubaloluvikese.pdf
  • https://39d46c24-66da-41c4-967f-30f13627f48e.filesusr.com/ugd/22739b_0b5381aa65d44b269d6ad535db92373e.pdf?index=true
  • https://4e840cdb-8fc4-4d32-8698-ff8c97a74d81.filesusr.com/ugd/5dc3ca_627691f57b0c41318396f8d22b3a1b27.pdf?index=true
  • https://73901e96-d3b0-45c4-b2ad-0ef740ba325a.filesusr.com/ugd/f1780b_931168c2c5c24de584214bcf69e4bb00.pdf?index=true
  • https://5803e18a-f245-4fd8-8a75-aa34e29693e9.filesusr.com/ugd/9ec29b_1222e25aa09d4331a5498e88d91a7dd8.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0430/6891/5863/files/zodigegesovibizud.pdf
  • https://cdn.shopify.com/s/files/1/0433/8073/6150/files/b_ed_syllabus_mumbai_university.pdf
  • https://cdn.shopify.com/s/files/1/0431/9612/1248/files/candy_crush_hack_unlimited_gold_apk.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.