Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=facebook+app+free++9apps

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0432/4638/7367/files/constraint_based_association_rule_mining.pdf
  • https://cdn.shopify.com/s/files/1/0431/5843/8056/files/44673525337.pdf
  • https://cdn.shopify.com/s/files/1/0436/4160/2208/files/fifesezutesubufegufak.pdf
  • https://cdn.shopify.com/s/files/1/0454/7280/9126/files/clifton_beach_surf_report.pdf
  • https://cdn.shopify.com/s/files/1/0430/8028/6372/files/4th_man_out_full_movie.pdf
  • https://static.usrfiles.com/ugd/26481d_91e5815b98cb4dbbb310ed759ec7e45b.pdf
  • https://static.usrfiles.com/ugd/b8c837_b2e86cd413ae45dab10e03ad0104040a.pdf
  • https://static.usrfiles.com/ugd/b8c837_dd79669ea32441c2a7b886e7b9b0e282.pdf
  • https://static.usrfiles.com/ugd/b16523_35a16b4809d24d88b5d51343d36ea6f0.pdf
  • https://static.usrfiles.com/ugd/87b9a8_05f39084ad8b473fa169a6fbbd3df782.pdf
  • https://static.usrfiles.com/ugd/0a593f_2c4fcf1d55864e6091d3d1251e76e303.pdf
  • https://static.usrfiles.com/ugd/1be480_d1c4ca28b9cd4c41a8b70e87148e6a73.pdf
  • https://static.usrfiles.com/ugd/0ebc1f_6bdee578624c4565864cba4e0dd9f320.pdf
  • https://static.usrfiles.com/ugd/b7306e_45a24bb6f6dd49d5b2caa44427ee016c.pdf
  • https://static.usrfiles.com/ugd/b8c837_80cac8eeca774c5aaaac7f0051ac1ef8.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.