Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=basic+stoichiometry+worksheet+pdf

  • http://wabaxa.upgradedcomputers.com/uploads/1/3/0/7/130775432/rumugo-fowuzivozapij.pdf
  • http://kunovinur.littletownbakeshop.com/uploads/1/3/0/8/130813084/fad48ad.pdf
  • http://files.stacylhenstridge.com/uploads/1/3/0/7/130775498/07c0d6029568.pdf
  • https://44dd7df4-1ea6-4067-9ea8-65339505b256.filesusr.com/ugd/e50c99_20b25738beac47f7b588dc8121bb31cd.pdf?index=true
  • https://1dae26e2-28fa-4bec-a096-3640b4410e4b.filesusr.com/ugd/81cd61_9cb064e8864840afac18df89cd5fc2d6.pdf?index=true
  • https://3942f62c-4757-4925-a1f9-67998b0be31a.filesusr.com/ugd/ad2ade_404a0649ee084f26a69dd566cec87cc1.pdf?index=true
  • https://0887978e-304d-42d0-ac79-4d588e421016.filesusr.com/ugd/8ce377_dc646ea3fcd94805aa45ced65d983f4a.pdf?index=true
  • https://92d9fccc-4770-4950-8b6a-c24b45db9fba.filesusr.com/ugd/44b221_3d6c33dd3af2453fb013730878ca5c3f.pdf?index=true
  • https://fa2f476b-4bef-4def-8dfa-c71287b37b52.filesusr.com/ugd/ea2f88_0fcd2eab94c94d0c9224bace056f8302.pdf?index=true
  • https://6754cec4-146b-4d6e-87f4-2efaa4ba9e29.filesusr.com/ugd/d8966e_e3b3b7fe3e2045deb7bf9273ef46d56c.pdf?index=true
  • https://a2e7039b-d664-4ee7-82f9-ec42d6568ee6.filesusr.com/ugd/610d21_a3cb7845a3a44850b0a9d1d816aa8e55.pdf?index=true
  • https://b1965cd0-4582-4a9a-902d-dafe41bcb1cd.filesusr.com/ugd/162fe6_c54213b403374034b85d8eb04dd29f9f.pdf?index=true
  • https://6e617479-aa35-4bb9-b050-b53a6793b774.filesusr.com/ugd/f6a907_7efe06f8de814456b669c478d57a5df9.pdf?index=true
  • https://404dd6fb-cb42-428a-bdec-a2451c6d8ac7.filesusr.com/ugd/d43733_e1a55025e298472cba8fd525a5205ecd.pdf?index=true
  • https://2c206d8a-8a6c-4796-8404-4ba8623fce83.filesusr.com/ugd/9058e5_043ca1bd6c4b40bf80b829442f8e441a.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://404dd6fb-cb42-428a-bdec-a2451c6d8ac7.filesusr.com/ugd/d43733_e1a55025e298472cba8fd525a5205ecd.pdf?index=tru

Open this report in the interactive analyzer, or submit your own file for analysis.