Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LURE
  Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/wix?keyword=revolutionary+army+one+piece

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static.usrfiles.com/ugd/b8c837_935a8343ec544018a841e5ed105e3f9f.pdf
  • https://static.usrfiles.com/ugd/d2cc1f_af40cd019fe949c986d0c16f978538ad.pdf
  • https://static.usrfiles.com/ugd/5a1791_47f99744a40e429390e661477b6aeb22.pdf
  • https://static.usrfiles.com/ugd/b8c837_922d640a9751425b9e720093c48995a0.pdf
  • https://static.usrfiles.com/ugd/ac72e0_c232fc2ce6bd4924a87f8672037c6d75.pdf
  • https://static.usrfiles.com/ugd/b8c837_9548bc96a7074bd3b6b505c4f8f6eca4.pdf
  • https://static.usrfiles.com/ugd/b8c837_d0183fa233b04eaba1a5c57c03c6be3f.pdf
  • https://static.usrfiles.com/ugd/b8c837_b100a3be4a034c869ea71974aaa80930.pdf
  • https://static.usrfiles.com/ugd/07625c_e9cb1a2978cc42c0b0f988cc401558c7.pdf
  • https://static.usrfiles.com/ugd/b8c837_71f729a6cd084929a663a34438542b81.pdf
  • https://static.usrfiles.com/ugd/23b571_609e71a1a603478ea047567fe3d8a257.pdf
  • https://static.usrfiles.com/ugd/b8c837_38d88a5e05be4ae1b94398722fe55f31.pdf
  • https://static.usrfiles.com/ugd/b8c837_2b933f5f6e99408eb214fd4efcbba7dc.pdf
  • https://static.usrfiles.com/ugd/2813e2_5b55b424fbed43f99542434945d861b9.pdf
  • https://static.usrfiles.com/ugd/83b1b3_03d968e51cea40f4afc4847787ffbabe.pdf
  • https://static.usrfiles.com/ugd/b8c837_72c5ec11d5c444f1aa132617d50e0fc7.pdf
  • https://static.usrfiles.com/ugd/b8c837_5423c5b111fe40129d672af19baa3b33.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.