Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=chick-fil-a+copycat+chocolate+chip+cookie+recipe

  • https://d0ebac0a-52f7-4ab1-b682-7fd6356deab5.filesusr.com/ugd/defdb4_f4e00ab3a91d48fb8ba8b7efc9926c3f.pdf?index=true
  • https://78c6d557-0190-4403-b5b4-b736fef36eae.filesusr.com/ugd/2f8cea_1d9b28ca1f254d169146044860846567.pdf?index=true
  • https://3e202507-f026-4bc9-9d69-0ee0941ba1cd.filesusr.com/ugd/61b8bf_3e40a7a0c3f34b64904a475aafe0f868.pdf?index=true
  • https://3cb35a7c-5456-41d1-a2f3-aeb3259c53fa.filesusr.com/ugd/451a43_1dd260ba655c40159bba84ca7632103e.pdf?index=true
  • https://e7f897e1-090b-4627-b31f-e10c9fe5263b.filesusr.com/ugd/dcbeda_0a6a346532b847538538e8c81fa8f0d9.pdf?index=true
  • https://8847161f-2e82-402c-b2c2-add84d176972.filesusr.com/ugd/e2c223_5e563378d59a47bdb86c55c37560e73c.pdf?index=true
  • https://3e897f02-8f69-4978-8643-fc90a66f2a8d.filesusr.com/ugd/440e29_1859bfdb4dcb459abe3e00be704d38a6.pdf?index=true
  • https://639b5f41-25c0-4766-b5f1-b3418bfcd914.filesusr.com/ugd/529385_69e24d1bba9047aab3f683a6941b8647.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0428/0378/9991/files/72156260253.pdf
  • https://cdn.shopify.com/s/files/1/0434/8349/6600/files/cricbuzz_apk_for_pc.pdf
  • https://cdn.shopify.com/s/files/1/0433/3921/9099/files/patololep.pdf
  • https://cdn.shopify.com/s/files/1/0431/5506/2948/files/vamelenasa.pdf
  • https://cdn.shopify.com/s/files/1/0432/7977/7945/files/elmore_county_schools_report_card.pdf
  • https://3305c516-da7f-49b7-8f05-128a180fd000.filesusr.com/ugd/cf79db_734fb878994f4055ba7b954e6370ec85.pdf?index=true
  • https://5e19a0c3-d8cf-42b5-b0cb-91db4ba95944.filesusr.com/ugd/f65518_59ed9f887031415db9a1cdf83082fd13.pdf?index=true
  • https://fb318396-db71-4478-85f3-076aa0da1d2d.filesusr.com/ugd/2e4eb4_24b52b9ea04547c097e82a9e95bc47df.pdf?index=true
  • https://56d1e92a-d69c-4f0e-9596-8eb617682812.filesusr.com/ugd/9ea91e_5475026f0d754d4298ce6d8141859e9e.pdf?index=true
  • https://c7ff36f9-5fc5-4258-9bfe-08a20dceba3b.filesusr.com/ugd/3ed902_13864a639fcd4d019f28bed0ddd11315.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://cdn.shopify.com/s/files/1/0431/5506/2948/files/vamelenasa

Open this report in the interactive analyzer, or submit your own file for analysis.