Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Urgency / deadline lure low SE_URGENCY_LURE
  Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=the+guild+3+mods

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://static.usrfiles.com/ugd/b8c837_665cf2c14ae843bfb5d9ccd3087f63af.pdf
  • https://static.usrfiles.com/ugd/a298ce_a247c8e7b5d8407782dcc51f324007e9.pdf
  • https://static.usrfiles.com/ugd/b8c837_2f89acf1dc964d64bbb991bcf2a82451.pdf
  • https://static.usrfiles.com/ugd/b8c837_ea71c40b953e43ccac0318b398318834.pdf
  • https://static.usrfiles.com/ugd/3b47cb_ee871598bb3d49a1aca9b2466ba65bbb.pdf
  • https://static.usrfiles.com/ugd/b8c837_23de9b25a7244af8b20cabae8e05d6d0.pdf
  • https://static.usrfiles.com/ugd/b8c837_8074e4e6fb15479d8a3e200b9c09d4bb.pdf
  • https://static.usrfiles.com/ugd/f1d680_185b08b5a51246e9959a36bf20be1fa4.pdf
  • https://cdn.shopify.com/s/files/1/0432/4897/6032/files/23671393390.pdf
  • https://cdn.shopify.com/s/files/1/0428/3603/3695/files/31653075628.pdf
  • https://cdn.shopify.com/s/files/1/0434/5459/5224/files/texas_boater_education_exam_answers.pdf
  • https://cdn.shopify.com/s/files/1/0431/1754/3588/files/pasezanafijipila.pdf
  • https://cdn.shopify.com/s/files/1/0431/3799/0813/files/bldc_motor_driver.pdf
  • https://static.usrfiles.com/ugd/3e5d97_b76cc60a521644e1a257205260b09676.pdf
  • https://static.usrfiles.com/ugd/90423f_9638ab09159b4472b9972db00b2431f0.pdf
  • https://static.usrfiles.com/ugd/b8c837_24a2109d6d6a4ef2a82f3fb2642d547c.pdf
  • https://static.usrfiles.com/ugd/b8c837_4894bbb1a51b432d995f3a6f5d64b0ce.pdf
  • https://static.usrfiles.com/ugd/b8c837_6c56ff02bb8747a39c6d409075c3bdb5.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.