Malicious PDF — malware analysis report

Static analysis result for SHA-256 4bcd0351a73aefde…

  • Verdict: MALICIOUS
  • File type: PDF
  • Size: 55.2 KB
  • Created: 2020-09-17 07:47:00 +03:00
  • Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
  • MD5: 290ad5aad131855cd15534cfb2526d49
  • SHA-1: 4266d4d54cfdb0292d7101519295ed9f23b53f9c
  • SHA-256: 4bcd0351a73aefde8ec9da622ddab124c938e0328566d38dde6bf01da6163d63
  • Risk score: 154

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a large number of embedded links, many of which point to a redirector service. The primary malicious URL identified is https://ttraff.me/wix?keyword=october+sky+worksheet+middle+school. The document body, though heavily obfuscated, contains references to this URL and other PDF files, suggesting a link farm or redirection strategy. The ML classifier strongly indicates maliciousness.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • https://ttraff.me/wix?keyword=october+sky+worksheet+middle+school
    • https://40ebec33-a630-4112-8264-5df262e80e5c.filesusr.com/ugd/29c71c_f56e1aba5d8b4578b6102e06d3723165.pdf?index=true
    • https://f67ab0b9-a1e5-4bdd-a67e-9ed464895e55.filesusr.com/ugd/fedf23_c0818f1417284ef09d63c07feeb70efb.pdf?index=true
    • https://e29ded64-38f5-4eed-a212-40e172c18d8d.filesusr.com/ugd/b148e5_4e6d895f2924432d8834055be864143f.pdf?index=true
    • https://65a676bc-0694-4ff5-87b2-4507a04416b4.filesusr.com/ugd/89064d_5aba75ee95bf4fc7aaa6781438956d71.pdf?index=true
    • https://719fc612-1b98-4123-9b6f-bc4c3b6acfab.filesusr.com/ugd/c4dbd3_6e770c9d3abe41ba9322604927b3d986.pdf?index=true
    • https://cd63b907-2200-49d0-9bf4-65217fdbcbf4.filesusr.com/ugd/84a5c6_49f8843404e8480c963b01fab4476150.pdf?index=true
    • https://d1328f5b-0ae8-4ecd-ae9c-daf111a42fee.filesusr.com/ugd/33ab24_e01c5d6222ee48c99845ded1a03996f2.pdf?index=true
    • https://5ac87d95-6981-4e03-bf16-c77a883364de.filesusr.com/ugd/ceb2e8_c72d849b39c14f77898bb9fa36bf5b12.pdf?index=true
    • https://3965dc47-6940-4343-9849-c9f5bfd24e95.filesusr.com/ugd/163759_fdc6f9d67abb4869a891a9ca73ce1770.pdf?index=true
    • https://594251fd-5de4-4ee7-87e1-9f70374b72da.filesusr.com/ugd/ca9b0a_ed5155a42bb4483c9fc6f09f5d04ef1a.pdf?index=true
    • https://3fce5350-63eb-4121-b42d-c3efe6701aa6.filesusr.com/ugd/35ddae_6034b82689c2491f999965c453700619.pdf?index=true
    • https://48ad3ab3-360a-468a-9e19-2c713cca8dd1.filesusr.com/ugd/6cabbb_66a21aa9e58540ffb7a940ee8349fe69.pdf?index=true
    • https://cdn.shopify.com/s/files/1/0464/0302/7099/files/41542452811.pdf
    • https://cdn.shopify.com/s/files/1/0484/9120/0662/files/80372732039.pdf
    • https://cdn.shopify.com/s/files/1/0435/5247/3243/files/riverside_high_school_wv.pdf
    • https://cdn.shopify.com/s/files/1/0429/3879/4147/files/99044074331.pdf
    • https://cdn.shopify.com/s/files/1/0431/8137/5648/files/alternative_forms_of_assessment.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00009a30.bin
    SHA-256: 32ffbbc7ff214bb055667bc408a156bb12f47c5c8e85ed29d9f69f8acdad7996
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x9A30
    Size: 5392 bytes
  • Filename: font_01_sfnt_off0000ac6c.bin
    SHA-256: 0246dbba2e8e6e7df7cc13fe512bbc833fab9603b59b7d401159ef7c8152cb21
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xAC6C
    Size: 10224 bytes