Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/wix?keyword=real+steel+hack+apk+android+1

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://b478ff66-7e01-4f4f-a728-794318abf3eb.filesusr.com/ugd/e2c6c1_4ad17fd3e7f64845953a59c5b1b366a7.pdf?index=true
  • https://b22fa011-6017-4958-a1df-2e82be9de650.filesusr.com/ugd/70c1ec_2081a29c34d142aa8e459fcf864be25a.pdf?index=true
  • https://06fd28ae-817d-47c4-bbc3-0a4e2e487000.filesusr.com/ugd/f523c3_63224f6c4b364e6f9230ecb822ecadf3.pdf?index=true
  • https://15b1b932-be41-475c-a122-1ea6cc09c473.filesusr.com/ugd/d9f7b5_e489a573ba9145d3b53e2fe091918844.pdf?index=true
  • https://cbb38882-d1be-42e9-b16c-64413cc28ae3.filesusr.com/ugd/81d6a4_c2c992ceab124610bfa85dd8dfaac708.pdf?index=true
  • https://eef74573-cc29-43a3-9dfa-c80e5b4006c9.filesusr.com/ugd/1acd69_7513b6626a0045afb323d94e9574ec1b.pdf?index=true
  • https://1e5ee6db-c878-4f33-a4c1-d17e8bbb5727.filesusr.com/ugd/98e298_e9218706ba7f4d4192cb06f43b4749b0.pdf?index=true
  • https://81d33ca5-a803-48f0-9f23-0fe4dcf0fa4d.filesusr.com/ugd/ff2e72_3c40fb36fc4e44e4a3d963f90acc0408.pdf?index=true
  • https://66199119-9179-4c45-9b3a-5311c565adcf.filesusr.com/ugd/7a359d_52ef1f65cf25456eabd23ac69f06b627.pdf?index=true
  • https://4e67f78b-c139-4cfe-951c-7a9d5b2989cd.filesusr.com/ugd/0789d5_361af1be941d47818047519d2b87f8b3.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0428/9835/8432/files/70278744099.pdf
  • https://cdn.shopify.com/s/files/1/0430/7809/0901/files/vokubirelena.pdf
  • https://cdn.shopify.com/s/files/1/0428/4504/4902/files/gewarigemogakixapokoli.pdf
  • https://cdn.shopify.com/s/files/1/0431/8547/1656/files/12498335109.pdf
  • https://cdn.shopify.com/s/files/1/0430/9581/8397/files/guvuzolojodatuzo.pdf
  • https://cdn.shopify.com/s/files/1/0427/9477/8791/files/18604415677.pdf
  • https://cdn.shopify.com/s/files/1/0431/1970/6273/files/tavumizuxosol.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.