Malicious PDF — malware analysis report

Static analysis result for SHA-256 5ef6efe4ab254b45…

Verdict: MALICIOUS
File type: PDF
Size: 48.6 KB
Created: 2020-09-22 01:08:59 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c4a8e8a4d4ef7c5ab1b7685172aac91c
SHA-1: 5cb1fbb78c491e6bd586b8a12e06ace8e8139d12
SHA-256: 5ef6efe4ab254b4545f93fca56682a34e1a8b80f5137b2d6bf1cc4c142011a7a
Risk score: 154

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a link farm and a specific malicious redirector URL, https://ttraff.club/wix?keyword=wonder+teacher+guide+pdf, suggesting an attempt to lure users to a malicious site. The document body, though partially corrupted, contains text related to a 'wonder teacher guide pdf' and embedded URLs, reinforcing the lure. The ML classifier strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure (critical) PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies (info) PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://ttraff.club/wix?keyword=wonder+teacher+guide+pdf

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00007fff.bin (SHA-256 9f4eddd1304b2aa2c08929db07705bab83df444dd6b93642d9d9a33c1c2adab2) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FFF | 5220 bytes
font_01_sfnt_off000091d1.bin (SHA-256 199b3ce4001db2f5e9f62989b308c310f9884d7d9397e6b633c19cc2f21f1ce6) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x91D1 | 10396 bytes