Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=how+to+hack+world+conqueror+3+with+game+guardian

  • http://files.luigicurini.com/uploads/1/3/1/4/131407647/13831e81ed30ec1.pdf
  • http://bipolenur.thepavlich.com/uploads/1/3/1/3/131383737/6516883.pdf
  • http://vuxeko.ikibydesign.com/uploads/1/3/1/3/131380086/wiperibawune-begufoxuxe-vagemune-razap.pdf
  • http://gorexore.citysunholdings.com/uploads/1/3/1/4/131453036/duxikonibegiwan.pdf
  • http://febepa.justlikehomedaycares.com/uploads/1/3/1/6/131607662/fujagomafemalepodudi.pdf
  • https://7be3e62c-5a93-4b21-9b68-c93582bbf1ea.filesusr.com/ugd/665c20_04ddeb6392624c94956d1ac683d9dee6.pdf?index=true
  • https://3e67fa73-9986-4453-91f7-1e7856c80dbe.filesusr.com/ugd/54fa57_3ba43ad47a7f4220a4521a7aefd9ed56.pdf?index=true
  • https://fbd60d9b-92d6-4bcc-8fa3-671217aee289.filesusr.com/ugd/c0fca2_37df77d0919245bf90ce36cf1d8e6fdf.pdf?index=true
  • https://aff6c360-7f17-4287-b0dd-03aff4fe7f22.filesusr.com/ugd/359e64_d647e09d6a1a446998f083f860e53bd3.pdf?index=true
  • https://366c6324-bc10-4ee4-9cc3-8ab4b7c340d2.filesusr.com/ugd/704566_b948cb6eab0745a8948d564753339f68.pdf?index=true
  • https://6089b8a4-d8b0-45fe-93c3-b06b56cecaeb.filesusr.com/ugd/5aec95_4ed5639f27824fd98094a4330f01e31d.pdf?index=true
  • https://77b5fa83-b79d-4576-ad7c-ef30581751be.filesusr.com/ugd/de3d83_52b74c905bf246f98d89c5202869a37c.pdf?index=true
  • https://33f07765-ae8f-4e98-b02d-1c4aeb703797.filesusr.com/ugd/6e2da7_9999ea9799f74b26bd465cc65ca4fe91.pdf?index=true
  • https://b60c8034-a4cd-4fd5-85a2-c83c1f813fe0.filesusr.com/ugd/6c032c_d9ba95b3b1c248dbbafee0df1a1bb934.pdf?index=true
  • https://b64d6615-de70-4d3b-9d84-7781458febe1.filesusr.com/ugd/f55bec_339814f5a39843e287f1603702fc46cf.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://b60c8034-a4cd-4fd5-85a2-c83c1f813fe0.filesusr.com/ugd/6c032c_d9ba95b3b1c248dbbafee0df1a1bb934.pdf?index=tru

Open this report in the interactive analyzer, or submit your own file for analysis.