Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=bharat+marathi+matrimony+app

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static.usrfiles.com/ugd/a13bc2_18c654c8fb4c4cd8ad6be4918018bc34.pdf
  • https://static.usrfiles.com/ugd/f17c08_ab5abc8c5ce145da97673240e49d5589.pdf
  • https://static.usrfiles.com/ugd/b8c837_c6c540fb377f418ca626bf783993789f.pdf
  • https://static.usrfiles.com/ugd/4c1554_913f608e6ae047e99d7f68d00bd6c585.pdf
  • https://static.usrfiles.com/ugd/a3b54b_328f0d15dd864101b6f48b63eb04dd0e.pdf
  • https://static.usrfiles.com/ugd/1849a1_24f2c93397ce4aaa88a8cb895493b620.pdf
  • https://static.usrfiles.com/ugd/1d64af_0d47a75d6a7240b99373eea15f421de6.pdf
  • https://static.usrfiles.com/ugd/87b9a8_68ca87f8d39b449bbd850cecf8cd95f2.pdf
  • https://static.usrfiles.com/ugd/3e5db3_4166a9de6cc94b6b905b6662c8b041ba.pdf
  • https://static.usrfiles.com/ugd/cec570_3232df5caea8455cb77752408739786a.pdf
  • https://static.usrfiles.com/ugd/b8c837_4f0ef534d9c14e938ebf0f527d2bec38.pdf
  • https://static.usrfiles.com/ugd/68ec51_e9f78f1e5bed475d9538a1020ea09677.pdf
  • https://cdn.shopify.com/s/files/1/0441/0369/6536/files/how_to_update_xbox_one_controller.pdf
  • https://cdn.shopify.com/s/files/1/0433/3276/3801/files/31356909962.pdf
  • https://cdn.shopify.com/s/files/1/0434/0786/8060/files/kerberos_network_authentication_protocol.pdf
  • https://cdn.shopify.com/s/files/1/0431/7567/4024/files/63653735207.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.