Malicious PDF — malware analysis report

Static analysis result for SHA-256 6fc197699b370c48…

Verdict: MALICIOUS
File type: PDF
Size: 47.4 KB
Created: 2020-09-16 23:40:33 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 7ee313dcbbc8f4154ca196684907b046
SHA-1: 0ee76d56bd274d73509fbdf92463f7623e8a0b68
SHA-256: 6fc197699b370c48edbc38b0a99638a9b692b378c2c9ddb620d9a0922f08f333
Risk score: 194

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a malicious redirector link, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. It also exhibits characteristics of a link farm, with numerous embedded URLs, suggesting an attempt to distribute malicious content or engage in SEO manipulation for phishing. The presence of a password-protected archive lure further indicates malicious intent, likely to bypass security filters.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (5)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Password-protected archive handoff [high] SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://ttraff.link/wix?keyword=what+advantage+did+the+confederates+have+during+the+war

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00007bb8.bin
SHA-256: 37fed0a7535c908d7257cc1bd6205f82f2edd4ecb30ed6437bec18c2f4dbe207
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x7BB8
Size: 5416 bytes

Filename: font_01_sfnt_off00008e3d.bin
SHA-256: 3cd593dd788b201d93f41e75169d07bb1c85f8c20bdf65adb66e28ff02a2b68d
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x8E3D
Size: 10080 bytes