Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/wix?keyword=fl+studio+utorrent

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static.usrfiles.com/ugd/b8c837_4af4ba60d53a4413bc00bf74e439031a.pdf
  • https://static.usrfiles.com/ugd/5a1791_93375f3738ed43cabac2f012770adff6.pdf
  • https://static.usrfiles.com/ugd/af0aa9_34a08e6d250846448f0a6db8c7fe26eb.pdf
  • https://static.usrfiles.com/ugd/162fe6_c001f430ab9641d4ace93edc01860f60.pdf
  • https://static.usrfiles.com/ugd/63022f_6daaf8245fcf4e1ea5ba628440deaec7.pdf
  • https://static.usrfiles.com/ugd/b8c837_8e75c4aab1e141478626a75534c551cd.pdf
  • https://static.usrfiles.com/ugd/71fd01_cc396b8e82e94d4eaa1deaabcb87de3d.pdf
  • https://static.usrfiles.com/ugd/45fd81_d1f865377bfe4d8d97dea25b9137819c.pdf
  • https://static.usrfiles.com/ugd/63d3ad_4d104a4e8b73494da2f53fa7b2d165c3.pdf
  • https://cdn.shopify.com/s/files/1/0439/7131/3822/files/12574942154.pdf
  • https://cdn.shopify.com/s/files/1/0431/9045/2385/files/microcytic_anemia_guidelines.pdf
  • https://cdn.shopify.com/s/files/1/0436/3255/8240/files/11662961150.pdf
  • https://cdn.shopify.com/s/files/1/0433/0687/7080/files/96056065099.pdf
  • https://cdn.shopify.com/s/files/1/0433/3781/0075/files/83705642857.pdf
  • https://static.usrfiles.com/ugd/80c1db_8f3b45ebcd1e4519b52f9d774fe0d314.pdf
  • https://static.usrfiles.com/ugd/b8c837_c6c43a1de9d949f5ad10a1b366588b14.pdf
  • https://static.usrfiles.com/ugd/b8c837_d8e06fc5fe7142e8833420b4b276a4ec.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.