Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=concepts+of+diversity+in+australia

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://19c7d1e8-b989-48e8-be31-c2aa78491c63.filesusr.com/ugd/69695d_2b310b44cff14feeac5782cc45c83b64.pdf?index=true
  • https://e5a8e2a6-2103-4155-8558-117285b3350c.filesusr.com/ugd/bcd086_39d7ed8bbe1f4a639b556e779c8ed835.pdf?index=true
  • https://747e319e-1ad6-48b7-be35-3441aaab0490.filesusr.com/ugd/9c8fb9_f85bfdd1cb544c418adc60d4f4134156.pdf?index=true
  • https://2d6e5ac6-4f80-42bd-9e18-cb0dfeb50878.filesusr.com/ugd/299074_ddcc4d2c638d4094a256e71cefe9badb.pdf?index=true
  • https://213e2bee-8d6d-4b63-8103-b559b238705a.filesusr.com/ugd/ade4e6_a6d1b9e53d524a98a151934911fbb61d.pdf?index=true
  • https://205a3bf2-abe8-41e6-8803-5fd96534de73.filesusr.com/ugd/b47706_9f21ec202d6f400b9044c5531645b8f9.pdf?index=true
  • https://72d87d3d-a230-4d88-a48c-d7a29d253fcb.filesusr.com/ugd/1b7c00_72012bf7061e45e8a74cc09997ec7fd5.pdf?index=true
  • https://8aa0e774-eed5-4400-83d3-5b27ae6365fe.filesusr.com/ugd/b910ae_c9d05072aae748e2a68231d64a4b76bf.pdf?index=true
  • https://57566cf4-3078-445b-992a-a8a3c12f6354.filesusr.com/ugd/a467d2_ce9175b965974608a2ee3e36993e13a1.pdf?index=true
  • https://fdff7173-7d7a-4103-8f0f-1c3389d3b1dd.filesusr.com/ugd/8a4248_6624411e47fa44a58900ea385cbbc2ff.pdf?index=true
  • https://a4d62798-f4a4-41c5-982a-4279b9d64d50.filesusr.com/ugd/60e703_75bcc45dee2f41799291e019b92a3508.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0433/4577/2698/files/aaos_10th_edition_emt_textbook.pdf
  • https://cdn.shopify.com/s/files/1/0429/9322/1783/files/15996039340.pdf
  • https://cdn.shopify.com/s/files/1/0441/0458/1272/files/wimumonili.pdf
  • https://cdn.shopify.com/s/files/1/0434/6914/4230/files/canvas_frisco_isd.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.