Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=google+country+codes+api

  • http://gelor.holycrossparishet.org/uploads/1/3/0/7/130776349/f6bea5c48a729.pdf
  • http://jarurusu.eztattoosupplyco.com/uploads/1/3/0/8/130814340/8144759.pdf
  • http://files.elevateyc.org/uploads/1/3/1/0/131070309/7538866.pdf
  • http://files.susamachar.com/uploads/1/3/1/3/131383821/3717941.pdf
  • http://files.officevalue.net/uploads/1/3/2/8/132814930/nedes.pdf
  • https://499ff932-2131-4c63-abab-1b99d751efc7.filesusr.com/ugd/eda9ba_9fd354d359c144218cefde0ef67d3f99.pdf?index=true
  • https://456cbf1d-7d03-4a8b-a9ce-0b47a1419450.filesusr.com/ugd/2074c9_c38cb18959ef423dbd852e6c65add19b.pdf?index=true
  • https://6f82707e-d2df-4bc0-85b3-951d91e54f66.filesusr.com/ugd/6d59ab_81fb212cc7394622923ec9c6d8038279.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0441/3220/4696/files/the_habitable_planet_ecology_lab_answers.pdf
  • https://cdn.shopify.com/s/files/1/0431/3799/0813/files/nizidavew.pdf
  • https://cdn.shopify.com/s/files/1/0430/8575/8617/files/kusenid.pdf
  • https://cdn.shopify.com/s/files/1/0431/5840/5275/files/lovubusiramuwizif.pdf
  • https://cdn.shopify.com/s/files/1/0432/2823/3883/files/fifa_mobile_17_apk_uptodown.pdf
  • https://cdn.shopify.com/s/files/1/0429/4718/2759/files/goboka.pdf
  • https://cdn.shopify.com/s/files/1/0435/4942/5823/files/multivariate_gaussian_matlab.pdf
  • https://cdn.shopify.com/s/files/1/0429/5114/7679/files/megitonagorukutumogikar.pdf
  • https://cdn.shopify.com/s/files/1/0435/5571/7271/files/trng_by_hay_chng_by.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.