Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=persepolis+main+characters

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0433/7077/4693/files/remudobuvag.pdf
  • https://cdn.shopify.com/s/files/1/0482/9547/7410/files/news_template_premiere_pro.pdf
  • https://cdn.shopify.com/s/files/1/0431/8704/4515/files/87931751079.pdf
  • https://cdn.shopify.com/s/files/1/0432/6011/7160/files/13170905187.pdf
  • https://cdn.shopify.com/s/files/1/0428/9373/8143/files/side_effects_of_antiepileptic_drugs.pdf
  • https://98ece2fc-3500-40e7-919d-d2c1d9302eba.filesusr.com/ugd/1f6d71_4bf6d2abff724f028dccd2ad810dedec.pdf?index=true
  • https://401f5285-4c14-4740-bc21-ad4684ebbebd.filesusr.com/ugd/0d002d_6cf14393520549d8a8d1e7a62c879701.pdf?index=true
  • https://fc7184da-2dc3-41c7-a0c6-a4cbcc862cda.filesusr.com/ugd/db93e9_979a82bfdeb64328b84474f25cdff69a.pdf?index=true
  • https://6b4d3051-b43e-4c02-9c03-a124fc9f15ab.filesusr.com/ugd/83d902_02812018db464c02aa256d724ca820ae.pdf?index=true
  • https://2042d025-4e1b-4691-a17b-4ea51d9f22f5.filesusr.com/ugd/11b39a_b17f4526a4e44b25bf525dc24666328c.pdf?index=true
  • https://e2b9fb29-8f39-43a0-9252-dafb3d3ffb1d.filesusr.com/ugd/062c90_3b0851e52cb348a8a45b75353aaaffa8.pdf?index=true
  • https://bd91bbfb-bef7-4dd6-b0b5-807c612a3dc2.filesusr.com/ugd/1d64af_5d900307c9d84fcfac21654ada1be6e4.pdf?index=true
  • https://754d11cd-56bf-432a-b693-bbf9a51e5cc7.filesusr.com/ugd/de02f3_ab12c3a4189a439f840e70e67fe2d1a2.pdf?index=true
  • https://712b9b2d-696c-44b8-b407-0ea0af78515f.filesusr.com/ugd/a4ea6c_1aeca9e9c9d149ddafc823d0073fc23b.pdf?index=true
  • https://853b63e2-5d96-40e4-9644-b087bd78e544.filesusr.com/ugd/afe78f_6415c1195b534099b432a218247c8f01.pdf?index=true
  • https://72c2bb2b-ed01-4af3-9791-f87a2d598a7a.filesusr.com/ugd/d93890_7e3e071e948c4707ad0d3783e8949499.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.