Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/pify?keyword=carried+crossword+puzzle+answer

  • https://static.usrfiles.com/ugd/e33828_c248424e723c4cd1b696dfb7b7dcef9c.pdf
  • https://static.usrfiles.com/ugd/95ea6b_49b20b2bcb4c4a49b2e3c2a5aa6743a8.pdf
  • https://static.usrfiles.com/ugd/8b49c6_794c874e3dd74f19a8a5590d0c9f1193.pdf
  • https://static.usrfiles.com/ugd/4b7290_9ad6119df98c4de0b74bc53f0a502369.pdf
  • https://static.usrfiles.com/ugd/67e251_a476d9a8c194412595123c3584185387.pdf
  • https://static.usrfiles.com/ugd/b8c837_13c88426f0d94e63b2eba14d524863fe.pdf
  • https://static.usrfiles.com/ugd/784815_3dd084ad594c4634b4506a3b9d3c9b8e.pdf
  • https://static.usrfiles.com/ugd/12dc78_dbea557c953547859d7af4503675e3f3.pdf
  • https://static.usrfiles.com/ugd/3f0e57_9b4f83eac2fc42039288ce4e1fa474f0.pdf
  • https://static.usrfiles.com/ugd/b8c837_719c5dcdcfe849dfae97a78cf33d54d3.pdf
  • https://static.usrfiles.com/ugd/a3b54b_f2fd2db9b6dd4e279252116e7902e7aa.pdf
  • https://static.usrfiles.com/ugd/8cbfce_b82451731a224b4589448e59800df01d.pdf
  • https://static.usrfiles.com/ugd/1fa6dd_be4d07d02c51405fa3511ebffb9de5c1.pdf
  • https://static.usrfiles.com/ugd/6cf0f5_af44287ecc42497b9829bf2218049935.pdf
  • https://static.usrfiles.com/ugd/b8c837_cc789b0b1a8747149f30934ec1a06304.pdf
  • https://static.usrfiles.com/ugd/917232_9b02fb2a580b487ea01e32708d2e4d43.pdf
  • https://static.usrfiles.com/ugd/e42ee3_e6d518e09ec0425db6f482790aa75eb7.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.