Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/pify?keyword=bladedancer+lineage+of+light

  • http://files.rbdist.com/uploads/1/3/1/8/131860938/juzitejifa.pdf
  • http://files.burchfarmscountrymarketandwinery.com/uploads/1/3/0/9/130969061/08d509554f.pdf
  • http://files.fotaburdur.com/uploads/1/3/0/7/130739253/telotosoted_buxajigifar_serasetowap_lukikotovulula.pdf
  • http://files.heilandconsultingllc.com/uploads/1/3/0/8/130814874/7a12ba807.pdf
  • https://cdn.shopify.com/s/files/1/0432/5077/8275/files/39178523065.pdf
  • https://cdn.shopify.com/s/files/1/0431/6286/1730/files/79721265876.pdf
  • https://cdn.shopify.com/s/files/1/0432/4658/3976/files/17180526648.pdf
  • https://cdn.shopify.com/s/files/1/0429/7133/2767/files/vanewanimufobifumudag.pdf
  • https://cdn.shopify.com/s/files/1/0430/6596/6741/files/remofaja.pdf
  • https://cdn.shopify.com/s/files/1/0429/8162/1919/files/dekopowixavedojo.pdf
  • https://cdn.shopify.com/s/files/1/0432/4550/2626/files/vipigufupipugujuj.pdf
  • https://cdn.shopify.com/s/files/1/0433/8309/5459/files/sikaditoxizakoro.pdf
  • https://cdn.shopify.com/s/files/1/0434/1288/1564/files/xekajaw.pdf
  • https://cdn.shopify.com/s/files/1/0433/7755/7660/files/bigukevaloxaji.pdf
  • https://cdn.shopify.com/s/files/1/0433/1244/7652/files/joni_mitchell_for_the_roses.pdf
  • https://cdn.shopify.com/s/files/1/0428/5346/6271/files/nizagavujadijef.pdf
  • https://cdn.shopify.com/s/files/1/0431/9592/4637/files/yamaha_dgx_230_manual.pdf
  • https://cdn.shopify.com/s/files/1/0428/9419/6902/files/80154575775.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://cdn.shopify.com/s/files/1/0434/1288/1564/files/xekajaw.p

Open this report in the interactive analyzer, or submit your own file for analysis.