Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/wb?keyword=syntactic%20structure%20pdf

  • https://81713570-f91d-4ab5-a330-a4f1a3568fee.filesusr.com/ugd/76dd3d_3567386c87fa4c1b9a36ea182f1a9fad.pdf?index=true
  • https://16ed5b26-fa87-4935-bd65-0c0f3b8267a8.filesusr.com/ugd/c450b2_ac4138a74a4c4c0cb0e79c7cb343185d.pdf?index=true
  • https://533b9870-36e8-411e-a369-9dce45a0b41a.filesusr.com/ugd/9aab09_48868727922b494589339b601765a52c.pdf?index=true
  • https://a3f1e584-3fb7-438a-a133-6dbbc509aff8.filesusr.com/ugd/e98895_bb08034ccbb74f73bf9679930a42aa68.pdf?index=true
  • https://7435e1b4-d457-4597-b227-82b4b24e55d1.filesusr.com/ugd/8e7730_d45eeb9972324b9a9e14884bbb74ddd7.pdf?index=true
  • https://5016fd55-85af-40ba-aed5-ca8f7577cf11.filesusr.com/ugd/2eedf1_599efa21c94d4be0929cdb59d548320e.pdf?index=true
  • https://ed2131ed-2834-4d90-9613-7ef1b02e9172.filesusr.com/ugd/565485_efb3ecea4c8349dbb347ed536ccee2ce.pdf?index=true
  • https://1280a831-a770-4d87-b7ee-d154738ec3e7.filesusr.com/ugd/17159d_f144bc112f624c579fe25d894b6debac.pdf?index=true
  • https://1df83a22-eb83-432a-ada2-f0bd2b8e8675.filesusr.com/ugd/76b6de_a36619bedf8b4255802bfbabef066d22.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0434/3395/1399/files/duzejakudo.pdf
  • https://cdn.shopify.com/s/files/1/0432/6309/9040/files/negivuvube.pdf
  • https://cdn.shopify.com/s/files/1/0428/1512/7708/files/42705208207.pdf
  • https://cdn.shopify.com/s/files/1/0434/6734/1974/files/bacterial_meningitis_treatment_guidelines.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.