Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/wix?keyword=amparito+roca+pasodoble+pdf

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0449/6978/7560/files/deutsch_english_and_chinese_visual_dictionary.pdf
  • https://cdn.shopify.com/s/files/1/0439/2773/2379/files/83377579978.pdf
  • https://cdn.shopify.com/s/files/1/0450/8496/7077/files/adobe_illustrator_cs6_for_windows_free.pdf
  • https://cdn.shopify.com/s/files/1/0432/6742/4416/files/80951177613.pdf
  • https://static.usrfiles.com/ugd/b8c837_58c0e2677d264bdfb97c9b6145d5f366.pdf
  • https://static.usrfiles.com/ugd/b8c837_d67b4c963fb44659a47360a24d2ee498.pdf
  • https://static.usrfiles.com/ugd/c068f8_3582541922904d7293d38fb5c1ff45c6.pdf
  • https://static.usrfiles.com/ugd/b8c837_50199653541b47a692d79a1b27ef0e76.pdf
  • https://static.usrfiles.com/ugd/b8c837_6d1f8fe4a33d46089843b871d05a5bbf.pdf
  • https://static.usrfiles.com/ugd/0aab01_c13a328e4b56494b834c0f1abd2be51b.pdf
  • https://static.usrfiles.com/ugd/6df952_bb461ce3bf204596b3ff4fcc2e62c74b.pdf
  • https://static.usrfiles.com/ugd/defcb2_cb4c219d8b5742288647748d4de2335b.pdf
  • https://static.usrfiles.com/ugd/b8c837_5eb25f9902e447c89147184e0b68948f.pdf
  • https://static.usrfiles.com/ugd/affaa6_7fb67a5fefdd4b9fbad97fe33507f478.pdf
  • https://static.usrfiles.com/ugd/d9d1f5_e479103f143740d6864f48d40a749bc3.pdf
  • https://static.usrfiles.com/ugd/b8c837_f4bf6b409ea74fed8cf0887e40321912.pdf
  • https://static.usrfiles.com/ugd/6846fe_08060fa1b8f045b9852799c323fb561f.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.