Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=kanonenjagdpanzer+105+equipment

  • https://cdn.shopify.com/s/files/1/0432/0378/8959/files/windows_7_activator_free_utorrent.pdf
  • https://cdn.shopify.com/s/files/1/0438/3267/2413/files/voltage_divider_circuit.pdf
  • https://cdn.shopify.com/s/files/1/0433/5845/3918/files/fujefexud.pdf
  • https://cdn.shopify.com/s/files/1/0437/0015/8629/files/34074940385.pdf
  • https://8445b7ba-4acc-46b6-b9e7-dd6ee392db48.filesusr.com/ugd/3e9e83_ba60effa30bf4e1cb755607297737d4e.pdf?index=true
  • https://31fe07e8-e22b-46eb-8f3a-fa69c120fd0f.filesusr.com/ugd/6f7357_c2d1c022ba6b48718275051f50331000.pdf?index=true
  • https://2a669921-022b-47dd-b172-1a826d3f8d3c.filesusr.com/ugd/b91566_bae7678e7e3c4b21b509688479a8839e.pdf?index=true
  • https://128e02d1-07f2-49e7-ad28-a76ecf815aeb.filesusr.com/ugd/bf57b5_b1f14d6b25f7480e83961adb3fcf05b9.pdf?index=true
  • https://1f572307-26ed-4a78-be41-faae2d4a7678.filesusr.com/ugd/0511f5_99daef9bc223477f81ff2bb4fa062a5b.pdf?index=true
  • https://3162f27e-ad2d-4b0c-b9e5-59a1ef9e601a.filesusr.com/ugd/1e557c_ebd80b25bf6f4816bd4058fe5e28d8be.pdf?index=true
  • https://bf51aea6-1c27-4491-ad52-9ba40eddadfe.filesusr.com/ugd/911c12_880714385bbc48b8b3eabe67a164cfdb.pdf?index=true
  • https://817b6bf1-cd27-496e-badf-f382846f59e8.filesusr.com/ugd/1a1092_e5f389c8f55f4bf9811d67829665bc4e.pdf?index=true
  • https://8695d607-5e05-4e6c-abbc-535fb0d93a20.filesusr.com/ugd/e78b77_9f7b0864a023422b9aa7461abafc7288.pdf?index=true
  • https://47c2cab1-c767-4e56-b0c1-52386674475e.filesusr.com/ugd/d4da64_31742d6c683943e2988738bc7dfff107.pdf?index=true
  • https://2058f0f8-3c7b-48c1-81c8-eab417cf6d7c.filesusr.com/ugd/d2057d_09b28be004794acb8efb260428fe8692.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.