Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LURE
  Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/pify?keyword=unit+2+electron+configuration+puzzle+worksheet+answers

  • http://nirufixof.sugarandseeds.com/uploads/1/3/0/8/130814575/3976991.pdf
  • http://files.wswatermark.com/uploads/1/3/1/6/131606819/mugomi.pdf
  • http://wokiza.blayneylfh.org/uploads/1/3/1/1/131164048/83f6bd3335e.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0430/1560/2337/files/krishna_bhagwan_photo_image.pdf
  • https://cdn.shopify.com/s/files/1/0428/2574/4540/files/anemia_cacing_tambang.pdf
  • https://cdn.shopify.com/s/files/1/0447/2664/8985/files/stay_hungry_stay_foolish_online_reading.pdf
  • https://cdn.shopify.com/s/files/1/0430/5158/1597/files/printable_paper_cutting_art_templates.pdf
  • https://cdn.shopify.com/s/files/1/0437/9816/7713/files/nfl_pick_em_sheets.pdf
  • https://cdn.shopify.com/s/files/1/0431/5866/7430/files/conjugate_gradient_method.pdf
  • https://cdn.shopify.com/s/files/1/0430/6593/3985/files/copy_file_terminal_mac.pdf
  • https://cdn.shopify.com/s/files/1/0433/1382/3909/files/biochemistry_by_donald_voet.pdf
  • https://cdn.shopify.com/s/files/1/0437/0441/8459/files/gixulakofimizobotakex.pdf
  • https://cdn.shopify.com/s/files/1/0434/2179/4460/files/24878734781.pdf
  • https://cdn.shopify.com/s/files/1/0432/5618/5000/files/41657959792.pdf
  • https://cdn.shopify.com/s/files/1/0432/6372/1637/files/31431402133.pdf
  • https://cdn.shopify.com/s/files/1/0428/9835/8432/files/16175378270.pdf
  • https://cdn.shopify.com/s/files/1/0437/2614/3639/files/94291595384.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.