Malicious PDF — malware analysis report

Static analysis result for SHA-256 6763af5ca4f4ca8f…

Verdict: MALICIOUS
File type: PDF

Size: 59.1 KB
Created: 2020-09-16 22:21:33 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 7301bbc3757db2e919ad7204b4a9a0e6
SHA-1: 4a54bb9a9882debeebb7ab898ba5d4d9f7795bf9
SHA-256: 6763af5ca4f4ca8f8984e586f7318335ec2b43a6e6e015721ce33ce126d0205d
Risk Score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links, many of which point to suspicious or potentially malicious domains, as indicated by the PDF_MALICIOUS_REDIRECTOR_LINK and PDF_SEO_LINK_FARM heuristics. The document body, though heavily obfuscated, contains references to game guides and URLs, suggesting a lure to external content. The ML classifier strongly flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious, score 1.0000

Heuristics (4)

  • [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF links to known malicious redirector infrastructure
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
  • [critical] PDF_SEO_LINK_FARM: small PDF contains a mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: object number defined twice with different bodies
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will therefore resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content (such as JavaScript or launch actions).
  • [info] EMBEDDED_URL: embedded URLs
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels record which channel (macro, JS, link annotation, document body, ...) reached each URL. Note that the w3.org, purl.org and ns.adobe.com entries at the end of the list are XMP metadata namespace identifiers, and http://scripts.sil.org/OFL is the SIL Open Font License URL normally found in embedded-font license metadata or XMP rights fields; treat those as metadata residue rather than lure links.
    URLs:
    • https://ttraff.link/wix?keyword=tibia+elder+druid+leveling+guide
    • http://files.silkroadvirtualuniversity.org/uploads/1/3/1/4/131410234/wugutu-tokonokojafowo.pdf
    • http://birudufo.lindenhillimports.com/uploads/1/3/1/6/131637312/7458333.pdf
    • http://files.heidiokada.com/uploads/1/3/1/6/131606789/9751736.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://5debcf0a-84ee-4244-bd92-e5d81e26011c.filesusr.com/ugd/b90ba1_981d0292436c4395922388960bf9f97a.pdf?index=true
    • https://be4537e4-3182-4d41-a380-92084f049495.filesusr.com/ugd/771ea4_a4a2957deb6644bb80f75063f432189e.pdf?index=true
    • https://bdcfae8c-d18b-4ac1-aedb-07e24b5d74a0.filesusr.com/ugd/7a359d_3461c3d2905b41eeb6c90fd28bcb3677.pdf?index=true
    • https://564bac5e-0b83-454e-9ed0-3dc2f271f5d0.filesusr.com/ugd/61c57f_4ca25f4a3f6f4defa8f6cc5ee170227a.pdf?index=true
    • https://36832a65-f681-4343-84cd-7bc8b8b287e0.filesusr.com/ugd/60ffa2_127556c45550456bbdcac2812320793f.pdf?index=true
    • https://6fd2517e-82d5-4f65-89bd-774d7673f98e.filesusr.com/ugd/50988c_f1b44672a52f4935851d4315700228d9.pdf?index=true
    • https://97cb4120-3d38-4ced-a108-be7f6baec9cd.filesusr.com/ugd/2f3ac6_5f9140f16e9844c6ad8c9ed085a2fd03.pdf?index=true
    • https://d3279fb3-52a7-4d23-987f-4ebdb249a25d.filesusr.com/ugd/76aeb6_8d98152984e14d31813fcb867935a248.pdf?index=true
    • https://159e0701-e1bc-479e-b678-c754c4a2fb91.filesusr.com/ugd/296484_15273541679f40c8bd62691393cb9149.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
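The two structural heuristics above (PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced with a raw scan of the file's object syntax. The script below is an added example, not the sandbox's own implementation: it walks every `N G obj ... endobj` span, pulls the `/URI` targets out of `/S /URI` actions and clusters them by a crude registered-domain key, and reports any object number defined twice with differing bytes, escalating only when the later body carries active content. The sample PDF is constructed inline (three link targets copied from the URL list above plus eight synthetic `filesusr.com` hosts); its redefined object deliberately carries a JavaScript action to exercise the escalation path, which the real sample's info-level duplicate did not. The thresholds in `link_farm_verdict` are illustrative assumptions, and the regex only sees classic uncompressed object syntax, so objects packed into `/ObjStm` streams must be inflated first (for example with `qpdf --qdf` or pikepdf).

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Classic (uncompressed) object syntax only; /ObjStm contents need inflating first.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Dictionary keys that turn a duplicate body from "info" into something worth escalating.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA", b"/SubmitForm")


def iter_objects(data):
    """Yield ((num, gen), body) for every 'N G obj ... endobj' span in file order."""
    for m in OBJ_RE.finditer(data):
        yield (int(m.group(1)), int(m.group(2))), m.group(3).strip()


def duplicate_objects(data):
    """(num, gen) -> bodies in file order, for objects defined more than once with
    differing bytes. A first-wins reader resolves bodies[0], a last-wins reader bodies[-1]."""
    bodies = {}
    for key, body in iter_objects(data):
        bodies.setdefault(key, []).append(body)
    return {k: v for k, v in bodies.items() if len(set(v)) > 1}


def carries_active_content(body):
    return any(k in body for k in ACTIVE_KEYS)


def link_uris(data):
    """URIs from /S /URI actions, inline in a /Link annotation or in a separate action object."""
    out = []
    for _, body in iter_objects(data):
        if re.search(rb"/S\s*/URI\b", body):
            for m in URI_RE.finditer(body):
                raw = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")")
                out.append(raw.decode("latin-1"))
    return out


def registered_domain(url):
    """Crude last-two-labels grouping so <uuid>.filesusr.com hosts cluster together;
    a production rule should consult the public-suffix list instead (assumption)."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def link_farm_verdict(data, min_links=8, max_size=256 * 1024, dominance=0.5):
    """Illustrative thresholds (assumed): small file, >= min_links external link
    targets, and a single domain owning at least `dominance` of them."""
    external = [u for u in link_uris(data) if urlparse(u).scheme in ("http", "https")]
    domains = Counter(registered_domain(u) for u in external)
    top, top_n = (domains.most_common(1) or [("", 0)])[0]
    share = top_n / len(external) if external else 0.0
    return {
        "size": len(data), "links": len(external), "top_domain": top, "share": round(share, 3),
        "link_farm": len(data) <= max_size and len(external) >= min_links and share >= dominance,
    }


def scan(data):
    dups = duplicate_objects(data)
    return {
        "link_farm": link_farm_verdict(data),
        "duplicates": {"%d %d" % k: {"definitions": len(v), "active_in_last": carries_active_content(v[-1])}
                       for k, v in dups.items()},
    }


# Constructed sample input: three targets from the report's URL list plus eight synthetic hosts.
SAMPLE_URLS = [
    "https://ttraff.link/wix?keyword=tibia+elder+druid+leveling+guide",
    "http://files.silkroadvirtualuniversity.org/uploads/1/3/1/4/131410234/wugutu-tokonokojafowo.pdf",
    "http://birudufo.lindenhillimports.com/uploads/1/3/1/6/131637312/7458333.pdf",
] + ["https://site-%02d.filesusr.com/ugd/doc%d.pdf?index=true" % (i, i) for i in range(8)]


def build_sample_pdf(urls):
    """Constructed PDF: one page of /Link annotations with inline /URI actions, an action
    object 5 0, and an incremental update that redefines 5 0 as a JavaScript action.
    Xref tables are omitted because the scanner never consults them."""
    first = 10
    refs = b" ".join(b"%d 0 R" % (first + i) for i in range(len(urls)))
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [" + refs + b"] >>\nendobj\n",
        b"5 0 obj\n<< /S /URI /URI (http://www.ascendercorp.com/) >>\nendobj\n",
    ]
    for i, url in enumerate(urls):
        parts.append(b"%d 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                     b"/A << /S /URI /URI (%s) >> >>\nendobj\n" % (first + i, url.encode()))
    parts.append(b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    # Incremental update: same object number and generation, different body bytes.
    parts.append(b"5 0 obj\n<< /S /JavaScript /JS (app.alert(1)) >>\nendobj\n")
    parts.append(b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    return b"".join(parts)


if __name__ == "__main__":
    import json
    print(json.dumps(scan(build_sample_pdf(SAMPLE_URLS)), indent=2))
```

Run against a real file with `scan(open(path, "rb").read())`; for a sample that uses object streams, run it on the `qpdf --qdf` output instead, or the link annotations will be invisible to the regex. Note that the link-farm share is computed over link-action URIs only, so XMP namespace URIs and font-license URLs like those at the end of the list above never dilute it.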

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                     Size
font_00_sfnt_off0000ab3c.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xAB3C  4964 bytes
  SHA-256: fc5eec181f3d18b51b351d58444d33c2d6e72dab19aa52925f4e0a54795d5ae8
font_01_sfnt_off0000bc30.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xBC30  10520 bytes
  SHA-256: 099505a14ae0af81dd6c3449ed052ace95ec4ba20ee7014b5e641eb3a505958a