Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=astronomy+worksheet+pdf

  • http://vajow.carnivaltourskochi.com/uploads/1/3/1/3/131384552/lifubewir-waravasi-zolose.pdf
  • http://files.pedicureastridpeperkamp.nl/uploads/1/3/1/6/131606782/7783109.pdf
  • http://files.morningbell.online/uploads/1/3/1/6/131606128/4404252.pdf
  • http://lusozejip.aeea4u.org/uploads/1/3/0/8/130874043/936819.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0433/1605/2126/files/demanda_song_video.pdf
  • https://cdn.shopify.com/s/files/1/0433/4452/7525/files/wilson_language_training_certification.pdf
  • https://cdn.shopify.com/s/files/1/0430/2825/0781/files/xobudeguwivamepanaji.pdf
  • https://cdn.shopify.com/s/files/1/0458/9620/4442/files/99846078448.pdf
  • https://c2a680f7-c207-416c-8d40-df066566fda9.filesusr.com/ugd/a374b9_bf8d0e8080214fb58ea1922b3c001929.pdf?index=true
  • https://d193cb1d-f8ce-4d42-a0cd-5ced9b456faf.filesusr.com/ugd/fd9558_3433616f46094ad5a18a880b97337d29.pdf?index=true
  • https://f59eab9a-2967-4e0e-8956-499c267870e8.filesusr.com/ugd/e6092c_1a0d67e6c75b40f3b569d096c8c9b187.pdf?index=true
  • https://3ac729ec-fa43-4e96-a0fb-dda2cfaa5364.filesusr.com/ugd/f459ea_e2d1bfd358c0495a9b72e1325111aba9.pdf?index=true
  • https://36238e31-aa96-4cf7-b6d7-659acc325354.filesusr.com/ugd/a891c0_a049453334074517b40d26e62fdb0629.pdf?index=true
  • https://94bdf27d-a0a0-4ffd-9bf8-0654c1be5c53.filesusr.com/ugd/53cfc7_1090686b55004770ad06c5aadc128c86.pdf?index=true
  • https://c17cde63-fefc-4272-85a5-a924fe5165b6.filesusr.com/ugd/5c8b2f_3fc47da8e57d4961966836ec25c74d7c.pdf?index=true
  • https://c606ede1-2148-4b7f-89b6-be8b77a4bc6b.filesusr.com/ugd/ef253e_d905d97c637a44a4bbfe32922723ea76.pdf?index=true
  • https://9c9369e7-3cc0-4577-aeb5-8037baf1dc5f.filesusr.com/ugd/d2b720_3fb7b31debaf40dc82b21867b9ff4455.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.