Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Browser extension / update installation lure high SE_BROWSER_INSTALL_LURE
  Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=partycloud+desktop+download

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0440/7469/6856/files/15405914109.pdf
  • https://cdn.shopify.com/s/files/1/0428/6591/8118/files/44238214753.pdf
  • https://cdn.shopify.com/s/files/1/0434/0131/4456/files/gevetedebepu.pdf
  • https://cdn.shopify.com/s/files/1/0431/7777/1164/files/icloud_photos_not_ing_to_ipad.pdf
  • https://cdn.shopify.com/s/files/1/0459/2471/2615/files/13994054572.pdf
  • https://3b17bbb6-794b-4f32-8227-739b3c245e58.filesusr.com/ugd/ace02d_4c8884d685c44e2292ca0c1b7a440bba.pdf?index=true
  • https://6692efe8-8105-4dd8-94e3-99615cd6bbe8.filesusr.com/ugd/98e2de_d4c6cfaa786646cf92609fab2c1dc4ca.pdf?index=true
  • https://9c3176a2-38de-41a8-8c1b-5c5720e264e9.filesusr.com/ugd/b916f4_0e9da7cc63a4492b8f4582e2ae73cbd4.pdf?index=true
  • https://33456c22-c331-4955-b475-7dc79b5b2310.filesusr.com/ugd/70e5f7_dd298829f2274dec8d4a14aa5b5b399b.pdf?index=true
  • https://594bc91f-84f8-4491-98c8-689070a82417.filesusr.com/ugd/368de4_c5a1ef9fd30d403d8e40a578fc3218cf.pdf?index=true
  • https://16d6e637-67eb-4acd-9d48-ace0d3118870.filesusr.com/ugd/957eb4_ee203ad3377148b7a5282915b06a38de.pdf?index=true
  • https://b6704a7f-69b8-4ba8-981b-e049b68660db.filesusr.com/ugd/bcb9fd_0dd3cb79207047a5a9c50e62ee52a315.pdf?index=true
  • https://e31b1a8e-11e8-4762-ad09-e3b72a8ebd63.filesusr.com/ugd/9bd82e_b3ea51b4a05244f98326e9a9d1b3c0e6.pdf?index=true
  • https://dd298f6e-1803-4e1d-aa0f-09dc12eb1feb.filesusr.com/ugd/5e81b9_ca648864528a4139aadbaf202061d88c.pdf?index=true
  • https://9651a49d-17b6-44e3-bb35-e1c95a375f1f.filesusr.com/ugd/685707_0689a56d9a7a4c0a87b0c1f1b69dd212.pdf?index=true
  • https://05d8d5d5-0566-4aae-969e-86fc9059214c.filesusr.com/ugd/bdc04d_54697d8e62be47eab022611c847e9ce3.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.