Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b5a791b502c64f6…

Verdict: MALICIOUS
File type: PDF
Size: 44.3 KB   Created: 2020-09-17 03:18:03 +03:00   Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 23c2338054607f13329ac1f8c5e98794
SHA-1: e141f6f32175001b72462cb8fdf0c647d917d4b4
SHA-256: 4b5a791b502c64f6bccd44647a0bf10171b0cc1e1a7e142e067e9bc2d6a3b630
Risk score: 154

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment   T1204.001 User Execution: Malicious Link

The PDF contains a clickable link to ttraff.com, a known malicious redirector; the URL carries a keyword parameter styled as a search query ('michael buble wedding songs father daughter'), the lure pattern of SEO-driven phishing and scam campaigns. The document also carries eighteen further clickable links to PDFs hosted on per-site filesusr.com subdomains, a link-farm layout that obscures the ultimate destination and spreads the same carrier content. No scripts were extracted from this sample, so the risk comes from user clicks and redirect chains rather than from parser exploitation.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF links to known malicious redirector infrastructure
    The PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
  • [critical] PDF_SEO_LINK_FARM: small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: object number defined twice with different bodies
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content; in this sample it is reported at info level.
  • [info] EMBEDDED_URL: embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The six http://www.w3.org, purl.org and ns.adobe.com entries at the end of the list below are standard RDF/Dublin Core/XMP metadata namespace identifiers, not navigable links.
    • https://ttraff.com/wix?keyword=michael+buble+wedding+songs+father+daughter (flagged by PDF_MALICIOUS_REDIRECTOR_LINK)
    • https://191ca269-1
    • https://3f66a06b-55aa-4477-9652-bc368a029d92.filesusr.com/ugd/e3325f_e110a3a2177b4f3c8c6255c15e6b609d.pdf?index=true
    • https://0468119b-f622-45bc-a079-253aa7bb6615.filesusr.com/ugd/4479ed_c20e31a0d59145978ce8f6a0ed40c660.pdf?index=true
    • https://40444d64-aee6-4f2d-9725-00802332217e.filesusr.com/ugd/ccf397_d80b75ce28e54d6ea7d2d456897fe637.pdf?index=true
    • https://a19e14d7-7652-460b-8961-5f75e8822fa7.filesusr.com/ugd/74e905_297c9c21cfa44caf86e747b915676524.pdf?index=true
    • https://b5b83444-8cec-437e-8e0b-c6e10dab6743.filesusr.com/ugd/f08e01_bc6b79389e754df6a96ebd2411e6ba79.pdf?index=true
    • https://6675b745-e608-434d-b445-de723e8cb0d2.filesusr.com/ugd/fedf23_5cd1cb1902e2452db49f2f9462390387.pdf?index=true
    • https://c53e47a9-e254-4cad-b889-493b7f17d275.filesusr.com/ugd/4733ca_5dbfea51131a4e2ea2caabc5c7fab10e.pdf?index=true
    • https://29c691df-5a56-4bde-be21-f61162f2b630.filesusr.com/ugd/c068f8_faa4838395204178980514fb64ea46ca.pdf?index=true
    • https://f687ca6f-7e58-443a-8439-d4e38ca5f02e.filesusr.com/ugd/37987b_df94fa56eab64536b05fcbf85619e43c.pdf?index=true
    • https://4e83e1f0-df4d-4a60-98e7-88adff04d414.filesusr.com/ugd/cc3ca9_d72a3762370845efabdb843f2bbe90aa.pdf?index=true
    • https://ac9e1a4b-d7be-4ca0-b64b-4f9a16a89d81.filesusr.com/ugd/1cfe37_36eec1df1d3a4eada010c564a35e5653.pdf?index=true
    • https://01c237ed-69a3-4f6c-b0b0-381a38a89394.filesusr.com/ugd/f3cb45_e7174537c80640b8b03b1361ff11f706.pdf?index=true
    • https://42277641-d8a3-4c84-a334-9503eeab2721.filesusr.com/ugd/43d2fc_72a15c8507054bee9db19e4bfe310ed1.pdf?index=true
    • https://2a82e8b1-e190-4e93-902e-816482bd01c4.filesusr.com/ugd/771ea4_e87ec67107e346a9b0dbcc58e70d1d20.pdf?index=true
    • https://1035699f-ac1b-432e-90bd-fd56b6a97416.filesusr.com/ugd/234f58_84141d355003455284d681ae00fff1f4.pdf?index=true
    • https://191ca269-1c9d-4cc7-8d2b-e1ccbe15ba6f.filesusr.com/ugd/f68081_61f7892ab3d349b69033d2fc1e22a833.pdf?index=true
    • https://d6516b5d-adc9-4290-9ba9-586314286afe.filesusr.com/ugd/12745a_c1027eb84c9b4513bc4916d9562bcb19.pdf?index=true
    • https://da2e93b4-9d7d-46ef-824a-523f1acbd54d.filesusr.com/ugd/1da05d_2d9386d7498045d4b4a4bfbae2b51d15.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
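The two critical heuristics and the duplicate-object note describe checks that can be reproduced at the byte level without a full PDF parser. The Python below is an added example, not code from the report or from the analysis tool: it extracts /URI strings from link annotations, clusters them by site the way PDF_SEO_LINK_FARM describes, looks the sites up against a redirector list, and resolves duplicated objects both first-wins and last-wins so the two readers' views can be compared. The sample PDF bytes, object numbers, filesusr-style URLs and the size/link/cluster thresholds are all constructed for illustration; ttraff.com is the one value taken from this report's own verdict.

```python
"""Byte-level triage for link-carrier PDFs (added example, not the report
tool's code): URI extraction, link-farm clustering, redirector lookup and
first-wins vs last-wins resolution of duplicated indirect objects.
All sample bytes, object numbers, URLs and thresholds below are constructed."""
import re
from collections import Counter
from urllib.parse import urlparse

# "12 0 obj <body> endobj"; non-greedy body gives one match per definition.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
# Literal-string /URI values only; hex strings and escaped parens are out of scope.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Taken from this report's verdict; a real deployment would use a threat-intel feed.
KNOWN_REDIRECTORS = {"ttraff.com"}
# Assumed thresholds for the link-farm check (invented for illustration).
MAX_SIZE, MIN_LINKS, MIN_CLUSTER = 100_000, 10, 0.7


def objects(pdf):
    """Yield (num, gen, body) for every indirect-object definition in file order,
    including redefinitions appended by incremental updates."""
    for m in OBJ_RE.finditer(pdf):
        yield int(m.group(1)), int(m.group(2)), m.group(3).strip()


def duplicate_objects(pdf):
    """(num, gen) -> bodies, for objects defined more than once with different bytes."""
    seen = {}
    for num, gen, body in objects(pdf):
        seen.setdefault((num, gen), []).append(body)
    return {k: v for k, v in seen.items() if len(set(v)) > 1}


def link_uris(pdf, policy="last"):
    """Resolve objects as a first-wins or last-wins reader would, then collect
    the /URI strings from the surviving bodies."""
    resolved = {}
    for num, gen, body in objects(pdf):
        if policy == "first" and (num, gen) in resolved:
            continue
        resolved[(num, gen)] = body
    return [u.decode("latin-1") for b in resolved.values() for u in URI_RE.findall(b)]


def site(url):
    """Crude registrable-domain approximation (last two labels). The farm in the
    report uses one random subdomain per link, so clustering on the full hostname
    would miss it; use a public-suffix-list library in production."""
    return ".".join((urlparse(url).hostname or "").split(".")[-2:])


def link_farm(uris, size_bytes):
    """Small file + many external links + most on one site -> (flagged, site, share)."""
    sites = Counter(site(u) for u in uris if u.startswith(("http://", "https://")))
    if not sites:
        return False, None, 0.0
    top, n = sites.most_common(1)[0]
    share = n / sum(sites.values())
    flagged = size_bytes <= MAX_SIZE and sum(sites.values()) >= MIN_LINKS and share >= MIN_CLUSTER
    return flagged, top, share


def triage(pdf):
    """Run all checks; last-wins is used for the farm/redirector verdict because
    that is what most viewers render, while first-wins shows what a naive scanner sees."""
    last = link_uris(pdf, "last")
    flagged, top, share = link_farm(last, len(pdf))
    return {
        "size_bytes": len(pdf),
        "duplicate_objects": sorted(duplicate_objects(pdf)),
        "first_wins_uris": link_uris(pdf, "first"),
        "last_wins_uris": last,
        "redirector_hits": [u for u in last if site(u) in KNOWN_REDIRECTORS],
        "link_farm": flagged, "top_site": top, "top_site_share": share,
    }


def build_sample():
    """Constructed carrier: 11 direct /Link annotations into one filesusr-style site,
    plus annotation 21 whose action (object 30) is defined twice: a benign URI first,
    then the redirector appended like an incremental update. No xref table, so this
    is enough for byte-level triage but not meant to open in a viewer."""
    farm = [f"https://{i:08x}-0000-4000-8000-000000000000.filesusr.com/ugd/{i:06x}_doc.pdf?index=true"
            for i in range(11)]
    annots = " ".join(f"{10 + i} 0 R" for i in range(12))
    parts = [b"%PDF-1.4\n",
             b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
             b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
             f"3 0 obj << /Type /Page /Parent 2 0 R /Annots [{annots}] >> endobj\n".encode()]
    parts += [f"{10 + i} 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
              f"/A << /S /URI /URI ({u}) >> >> endobj\n".encode() for i, u in enumerate(farm)]
    parts += [b"21 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] /A 30 0 R >> endobj\n",
              b"30 0 obj << /S /URI /URI (https://example.org/brochure.pdf) >> endobj\n",
              b"trailer << /Root 1 0 R >>\n%%EOF\n",
              # incremental update: same object number and generation, different body
              b"30 0 obj << /S /URI /URI (https://ttraff.com/wix?keyword=wedding+songs) >> endobj\n",
              b"trailer << /Root 1 0 R >>\n%%EOF\n"]
    return b"".join(parts)


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

Run against a real carrier, the interesting output is the gap between first_wins_uris and last_wins_uris: on the constructed sample a first-wins pass sees only the example.org brochure while a last-wins viewer follows the redirector, which is exactly why a body-only duplicate deserves a second look once active content (here a URI action) sits in it. The regex approach deliberately ignores xref tables and object streams; a production triage pipeline should fall back to a real parser (and decompress /ObjStm) when these counters come back empty on a file that clearly has pages.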

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                       Kind             Source                                      Size
font_00_sfnt_off00006e00.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x6E00   5520 bytes
  SHA-256: 82f18755d86227acfe439c0923aa9d47df3e072d1fcb863bc9f99ec1b003286e
font_01_sfnt_off000080d8.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x80D8   10248 bytes
  SHA-256: 1b93022bf61960b628924677a566f2d76519da936dd18e4e7be7d842d9855623