Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=noico+vs+dynamat

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://8d14ef79-b804-4567-939e-705974d08b29.filesusr.com/ugd/314c35_d465c1980c01452f9ef40aa09498bd9b.pdf?index=true
  • https://67b41c69-f32f-4253-aa2b-0a884f92dab1.filesusr.com/ugd/61567a_6723e2b050554c7e9a84a5b43a567700.pdf?index=true
  • https://25d6b42b-a70c-4f14-ba71-2cd1e771c81d.filesusr.com/ugd/b148e5_a62a824b05ce4d9982e1ab780887761a.pdf?index=true
  • https://12990bb8-8308-40ff-9eac-f2963f3f6b0c.filesusr.com/ugd/ee9d3f_6d2bef4b0b174ef0912407b703d71f2c.pdf?index=true
  • https://42668050-351e-4ede-9e29-d9e91a56cb55.filesusr.com/ugd/8a4248_70c581cc6bf54636b6cd17c4a6507a4f.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0435/4431/4024/files/wagumibatuki.pdf
  • https://cdn.shopify.com/s/files/1/0440/1581/2766/files/volegudopanusumomoma.pdf
  • https://cdn.shopify.com/s/files/1/0437/6546/5249/files/zozirimanuketuwupepobu.pdf
  • https://319ad925-f100-439a-8115-ae5c3b2c148f.filesusr.com/ugd/b463f2_a3253cb376784896a0dbe8c3abe0406d.pdf?index=true
  • https://a05ec3c7-d6a8-4cb5-a6ce-6b4f7d1fd93e.filesusr.com/ugd/ea2c45_6c5cb13810de4c078d196f08d4473fc5.pdf?index=true
  • https://bb9e3989-5888-4ce1-bc0c-9d8a31b93280.filesusr.com/ugd/738632_9d75bf62daad40e5a8bb7ae2e3a8c48e.pdf?index=true
  • https://b0f4f6aa-3519-4920-8ec5-7d05e897090d.filesusr.com/ugd/e2c223_512699295b57408daf3865d008e41acf.pdf?index=true
  • https://c3656b18-cd95-40fc-af20-f2a26ea79d69.filesusr.com/ugd/3f8d85_69ac01174ea44b77b206398288c526fe.pdf?index=true
  • https://5ebba418-9f05-44de-b97b-e8f44e147fd2.filesusr.com/ugd/d2cc1f_ce395aa4b2c7477aaf84f895905db8f4.pdf?index=true
  • https://a52ed7f1-058c-49a8-946b-e7271cf50153.filesusr.com/ugd/4ae4db_02553aee88b04adb9f40f787640e1bb5.pdf?index=true
  • https://4d556148-99e0-4124-b4c0-0e53db6e9fb3.filesusr.com/ugd/b1b3ad_f3248c92c27448faabd542979cbd997b.pdf?index=true
  • https://1da03e06-72b0-416b-bc0a-30671981c0b1.filesusr.com/ugd/4cf28d_bcf5cc631809488996e83cb7b19c7f2a.pdf?index=true
  • https://f82bc650-8f0d-4c1d-a9cb-9818771812c1.filesusr.com/ugd/53c654_39542d1f08bd4fe594d504de8f9ae657.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.