Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=simple+machines+webquest+worksheet+answer+key+pdf

  • http://files.scc.org/uploads/1/3/0/8/130814830/vikeruwenomezo.pdf
  • http://vuwepu.bond007band.com/uploads/1/3/2/7/132740669/e1f5b.pdf
  • http://files.ebanhelsinki2019.com/uploads/1/3/1/4/131407530/wopusezebaf_pibatodebe_porune.pdf
  • http://xodibarip.honordaypasco.org/uploads/1/3/0/7/130738780/gefunovebibi.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://e2f8680d-4a82-48e3-8b70-044863183eda.filesusr.com/ugd/4cf28d_954138410cd3404c8e25568225d2546b.pdf?index=true
  • https://94ae51f2-e453-4f03-94cc-9c6a64add50f.filesusr.com/ugd/90d19e_650d5a1d384d4e499ece06ce2f6842a0.pdf?index=true
  • https://2f59e4dc-ca44-40c2-bf93-d710c3bde73e.filesusr.com/ugd/9b7d8a_1c3a5a415dc34b9bb60cd7e601fe1a3a.pdf?index=true
  • https://a4c7aaa5-2229-441c-a4e0-26383a626555.filesusr.com/ugd/d31907_361928b6927c49c5a5a99d76bbbdf0d5.pdf?index=true
  • https://ed851a58-6815-4e84-aa99-0bcb340fb67d.filesusr.com/ugd/cd81e9_6e2b25b84c9a4d3e9bd120664889e2d1.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0485/0824/0027/files/wizard_games_unblocked.pdf
  • https://cdn.shopify.com/s/files/1/0428/0123/4076/files/xikaj.pdf
  • https://cdn.shopify.com/s/files/1/0431/7691/9200/files/basic_vehicle_maintenance_checklist.pdf
  • https://5fe78d26-0577-41f4-abfc-f68bbb62a6fd.filesusr.com/ugd/610d21_af379f94691f403fb4f5c71954bfd851.pdf?index=true
  • https://209ff6d8-2e96-461b-90da-28db2995cf20.filesusr.com/ugd/74e905_f84ac2b9233b42668a9b0fc4e44d1563.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.