Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.cc/wix?keyword=two+biddy+music+download

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cdn.shopify.com/s/files/1/0429/7854/1722/files/xonumu.pdf
  • https://cdn.shopify.com/s/files/1/0435/5689/6920/files/early_reading_skills_worksheets.pdf
  • https://cdn.shopify.com/s/files/1/0435/2068/8282/files/75371361812.pdf
  • https://cdn.shopify.com/s/files/1/0429/5966/7363/files/ccna_routing_and_switching_200_125_ebook.pdf
  • https://cdn.shopify.com/s/files/1/0437/8283/2280/files/47950481956.pdf
  • https://cdn.shopify.com/s/files/1/0437/0196/0854/files/wozofanag.pdf
  • https://cdn.shopify.com/s/files/1/0434/8837/9032/files/14080566458.pdf
  • https://cdn.shopify.com/s/files/1/0432/2312/2084/files/wizevatokar.pdf
  • https://cdn.shopify.com/s/files/1/0430/4899/2930/files/wojise.pdf
  • https://static.usrfiles.com/ugd/b8c837_fe0a17260b16451dab778b2de929a7bc.pdf
  • https://static.usrfiles.com/ugd/10b11f_6688515fa01542d6b4bc07775fd4802e.pdf
  • https://static.usrfiles.com/ugd/b8c837_1638111e37bd4c80b3b30bbc8a6ccb82.pdf
  • https://static.usrfiles.com/ugd/b8c837_bd3b8e362a2e4060896fd3ae632f73cd.pdf
  • https://static.usrfiles.com/ugd/b8c837_b617370c43ad47229a90c2b3610463ac.pdf
  • https://static.usrfiles.com/ugd/b8c837_abed50adfac84b17b3d864ce97c2373e.pdf
  • https://static.usrfiles.com/ugd/b8c837_44121cb3184d4762b3b64512f465a8bb.pdf
  • https://static.usrfiles.com/ugd/b8c837_7c91a46af93c4a119108b1c0c0b2fed8.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.