Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/wix?keyword=eu4+best+vassals

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static.usrfiles.com/ugd/b8c837_5129264138ab492bb13aa695d1ed9069.pdf
  • https://static.usrfiles.com/ugd/b8c837_efc3a2a58ac94b36bb8b3bdd4e5be681.pdf
  • https://static.usrfiles.com/ugd/bd5c68_5cdb9a1ffdba4cae9f5cd0a8e3e039b2.pdf
  • https://static.usrfiles.com/ugd/2e4eb4_fdee29277b464bbeb09e3e1d6180fce6.pdf
  • https://static.usrfiles.com/ugd/b8c837_95d3cb5d56764b24be6e54d0e39ab094.pdf
  • https://static.usrfiles.com/ugd/585b1d_3635182ff25a4feea1aa617a0eb07594.pdf
  • https://static.usrfiles.com/ugd/b8c837_b7acab406c2143de8b869b3fdc374bf4.pdf
  • https://static.usrfiles.com/ugd/b8c837_72d4d373bbd24959b2e36528554b99ea.pdf
  • https://static.usrfiles.com/ugd/b8c837_d6ded65ed64640508ddf66f5508659ab.pdf
  • https://static.usrfiles.com/ugd/91e123_8e5c4eff101c42fe94eae9b39f6de3d0.pdf
  • https://static.usrfiles.com/ugd/405339_5b12b3ee6cb4462f85c6d2529d752432.pdf
  • https://static.usrfiles.com/ugd/b8c837_15efeb427726487784f231101b4e8c43.pdf
  • https://static.usrfiles.com/ugd/b8c837_e0c3c45da79249788ec0ee31b601bc21.pdf
  • https://static.usrfiles.com/ugd/0c41e7_71b784acffa1488fbb474907d3c6dacd.pdf
  • https://static.usrfiles.com/ugd/fe83c3_d6c3f15fb7fb45718eb25a3e56eb6145.pdf
  • https://static.usrfiles.com/ugd/b8c837_b2a7b9e453ab42369fa6184c26b403f4.pdf
  • https://static.usrfiles.com/ugd/b8c837_42246c1f7e694986bcaaca0ab1f366a2.pdf
  • https://static.usrfiles.com/ugd/b8c837_4f4fad99df694fcabbcc53da8f491fd4.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.