Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/wix?keyword=sonic+adventure+2+crack

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0434/6088/6694/files/flyer_template_creator.pdf
  • https://cdn.shopify.com/s/files/1/0449/7948/6878/files/befunky_editor_for_pc.pdf
  • https://cdn.shopify.com/s/files/1/0437/6369/5770/files/api_testing_postman.pdf
  • https://cdn.shopify.com/s/files/1/0435/7983/4531/files/belajar_photoshop_cs2.pdf
  • https://static.usrfiles.com/ugd/dc98cc_b944725001c1435fbd19ae0b5d19d0fa.pdf
  • https://static.usrfiles.com/ugd/c3f88d_5286bac54e674a278d0ef1662d9c5d14.pdf
  • https://static.usrfiles.com/ugd/9ec29b_911f2a78b3374a62a57440acd789a0a2.pdf
  • https://static.usrfiles.com/ugd/b8c837_7639605d2e23480d8678cb82f7e0aed6.pdf
  • https://static.usrfiles.com/ugd/e3ed1f_b0e443cd484d47f69c7fe80979ff43b6.pdf
  • https://static.usrfiles.com/ugd/1b8612_9f89bafde0524a3fbe0b41a4b6b0c692.pdf
  • https://static.usrfiles.com/ugd/d9d1f5_17d3c15a09e94cc2b384117198497f31.pdf
  • https://static.usrfiles.com/ugd/b8c837_e0cc46f18ff542b3bfe17710fee3003e.pdf
  • https://static.usrfiles.com/ugd/b8c837_d457b9076ddf4cb4a6e51fa9596e6b48.pdf
  • https://static.usrfiles.com/ugd/eb4c03_2439056040244652bef1f635a6cbbb4d.pdf
  • https://static.usrfiles.com/ugd/b8c837_9626813987cf4cf2a2853db0e124cfbc.pdf
  • https://static.usrfiles.com/ugd/de3d83_2dd2b065e39a4164a984b4b0ea064ed9.pdf
  • https://static.usrfiles.com/ugd/cac9e4_a85b7571ccdd4117ba3561c49dbf797e.pdf
  • https://static.usrfiles.com/ugd/432b07_0aaf7194a711438a86e94adb8014a24c.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.