Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Fake invoice / payment lure low SE_INVOICE_LURE
  Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=scotsman+manual+harvest

  • https://049ac181-8640-4134-830f-52c1996864ee.filesusr.com/ugd/1e52da_5937337229f3450c8a7f1e92e50cb3cf.pdf?index=true
  • https://75f86165-f170-49a6-8c5f-29ce23675ed5.filesusr.com/ugd/868401_ff9dac3d8c4348ef9a871c33628420d4.pdf?index=true
  • https://0b1f4bcf-37ac-4287-ada0-e259dcd15e2f.filesusr.com/ugd/db93e9_50f4f1d2b6f84b3eb3c81c258c63d9b7.pdf?index=true
  • https://43b64377-59a0-4105-a5cd-a9a7bad4cdef.filesusr.com/ugd/c4ccc4_964e21ea8c2b400481135c5d2d746f05.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0432/1771/5361/files/68907141188.pdf
  • https://cdn.shopify.com/s/files/1/0435/0060/1504/files/gotoxagebumivopopig.pdf
  • https://cdn.shopify.com/s/files/1/0478/0303/9903/files/20962963724.pdf
  • https://cdn.shopify.com/s/files/1/0431/8153/9488/files/27851627768.pdf
  • https://cdn.shopify.com/s/files/1/0484/1098/4616/files/angels_rest_trail_virginia.pdf
  • https://cdn.shopify.com/s/files/1/0447/9670/6967/files/lusobuga.pdf
  • https://cdn.shopify.com/s/files/1/0430/0403/5221/files/2095006312.pdf
  • https://cdn.shopify.com/s/files/1/0450/4682/5110/files/git_subversion_tutorial.pdf
  • https://cdn.shopify.com/s/files/1/0428/9508/1625/files/58735802648.pdf
  • https://7e1e7745-1ba0-4532-85e2-0001a5c8ac8c.filesusr.com/ugd/c345b0_9b54cd7ba7154751aafbf9b4bf712f64.pdf?index=true
  • https://13aa061f-8907-4613-ba0b-9ebc64619e64.filesusr.com/ugd/595093_d34197cc1be54d78b11d49a8b5dcfec3.pdf?index=true
  • https://c1a33517-3f7a-47b1-b078-a6b609573819.filesusr.com/ugd/696117_3657abce6bb1450480a9e5c1d3222b83.pdf?index=true
  • https://b539289d-d958-4845-995d-a72f9282bd8a.filesusr.com/ugd/ab922d_79662b69bb024684bb6a029c24223daa.pdf?index=true
  • https://36076e43-c7c3-42ce-af3f-99450bf859fb.filesusr.com/ugd/70e7d4_66999c6d2c244bf6acf8ca58185c6b47.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://b539289d-d958-4845-995d-a72f9282bd8a.filesusr.com/ugd/ab922d_7

Open this report in the interactive analyzer, or submit your own file for analysis.