Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=myspanishlab+sam+answer+key+chapter+4

  • http://files.samanthastewartofficial.com/uploads/1/3/0/9/130969440/xarisug.pdf
  • http://files.blsst.co.nz/uploads/1/3/1/3/131380666/vujegumupi_zogatus.pdf
  • http://files.body-knowledge.com/uploads/1/3/0/7/130775823/1119226.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://386629e5-56dc-4195-a0dd-390656cd9a88.filesusr.com/ugd/b98abb_adbae0d7d28a46a78dceec922efd2c86.pdf?index=true
  • https://d29cec17-db94-4ca6-914d-bd432785b294.filesusr.com/ugd/808cd0_f3cde06159f14cf980afa709293aa106.pdf?index=true
  • https://d314901b-3d20-441f-b926-8d43da746600.filesusr.com/ugd/cbe7f7_0107da1e26554a6dba9cac71088f0326.pdf?index=true
  • https://cfebf1bb-8823-4cb1-a337-667486bc5789.filesusr.com/ugd/91e123_246cf552f88047ec91c1717db7750f4f.pdf?index=true
  • https://8cfc8560-1948-446c-b958-4e5b624fad1b.filesusr.com/ugd/d2cc1f_bc368fa1a8b04eb8b50dea133ea54295.pdf?index=true
  • https://dba93531-05d5-498d-8ed9-a7bcb5bda46a.filesusr.com/ugd/cb5dea_aa2c276c9ba34ed9954430ab1d300784.pdf?index=true
  • https://de1f7f45-7f2d-4d9c-a549-2ab8f4c91d29.filesusr.com/ugd/681527_e841f289efdb467589722195c14d50b3.pdf?index=true
  • https://293695f5-1b47-4a60-b2a6-028130baf4aa.filesusr.com/ugd/c2bf0a_ea5bba28941c466da59158409d609e76.pdf?index=true
  • https://dafbb76f-da14-46b9-9467-1397d60d6fd4.filesusr.com/ugd/c068f8_d2521c5e33624d21adddd8fa5fe526f9.pdf?index=true
  • https://f4024130-18bd-48df-b47d-5f7f9e77e248.filesusr.com/ugd/83b1b3_a28595ad70764336927fb0e61ba87ad8.pdf?index=true
  • https://d23ed075-e30f-4073-ab47-63a2dc1b512d.filesusr.com/ugd/592671_385548dcfc0249119e3eedd8b529787e.pdf?index=true
  • https://66edfb54-2038-48d1-9b87-b4d9d609f3e3.filesusr.com/ugd/c4f63d_012f279dc1d04cd59e2278fec9d1153b.pdf?index=true
  • https://d215d8b0-f2f9-41f3-9e48-884f927709d3.filesusr.com/ugd/a7074a_4aae736455ce48b2956c5a56bf8b498d.pdf?index=true
  • https://6cf7c580-64ac-475c-b857-05802f86525d.filesusr.com/ugd/59deca_8e9a0473954c4134b56950068664ae69.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.