Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=identifying+and+balancing+chemical+reactions+worksheet+answers

  • https://bdbc05c8-b0b4-42e0-a60a-6e8776d878f7.filesusr.com/ugd/69695d_225e59e7426040ae9e9677ec2d1adffb.pdf?index=true
  • https://c22fcc24-46f4-4289-873b-eac687dc3089.filesusr.com/ugd/73c254_e7e39ec7088145c59748f47f2767bddb.pdf?index=true
  • https://9b1c99cc-45f9-42de-9abc-cdebd94dfd6c.filesusr.com/ugd/03ae60_defd6915652d4281b92af3060f2463e2.pdf?index=true
  • https://771fce43-e1e2-45d2-80a5-3f178adf6148.filesusr.com/ugd/c8f33b_b27e4aa930d144a59bfbe6bc327d0d69.pdf?index=true
  • https://8f1e3204-f07a-4523-b308-0746a074c19e.filesusr.com/ugd/f99735_8cc4bad494734c99bc4530b70e07e978.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0440/7004/3813/files/factoring_quadratics_practice_with_answers.pdf
  • https://cdn.shopify.com/s/files/1/0432/1152/2209/files/dimufubabimuxaniberekupob.pdf
  • https://cdn.shopify.com/s/files/1/0433/6130/4727/files/carson_dellosa_science.pdf
  • https://3f8249f8-32b1-4c9f-9b13-e604b46fe34e.filesusr.com/ugd/ade4e6_ba0086a49cdb4e50b178c84eab37f184.pdf?index=true
  • https://00ab5f35-bff0-42f8-b3a5-9c709dd102d3.filesusr.com/ugd/d5415a_77b6626309054234a20fa04d696a9254.pdf?index=true
  • https://97359037-32b1-4fc7-9c08-bccc72ff198e.filesusr.com/ugd/3eb4bd_d1ccf31647194dcb889b4e62ce9a54b1.pdf?index=true
  • https://5bf299ba-6ea5-41c5-acc0-fae0c86a0869.filesusr.com/ugd/d93890_3992cc5b026d4b77b18e330b76018df9.pdf?index=true
  • https://e69964f7-7360-4454-85c8-1e873203f53e.filesusr.com/ugd/0d089b_7998adb0e29d46f6ad624709fdf3abfc.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.