Malicious PDF — malware analysis report

Static analysis result for SHA-256 57c6b88cedac2581…

Verdict: MALICIOUS
File type: PDF
Size: 41.3 KB
Created: 2020-09-17 23:36:15 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: d0386e195758fd3ae306a6239fe180b7
SHA-1: fec79572eb5dd0e97b93765cc6c6e3316c4f5035
SHA-256: 57c6b88cedac2581b6cf99bfe5f70d456712a1404a8b3b64658346327e1c760b
Risk Score: 152

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a lure related to 'photosynthesis and respiration in elodea lab answers' and embeds a link to 'https://ttraff.me/wix?keyword=photosynthesis+and+respiration+in+elodea+lab+answers'. This URL is flagged as a known malicious redirector. The document also contains a large number of other embedded PDF links, suggesting a link farm or SEO poisoning attempt. The ML classifier strongly indicates maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://ttraff.me/wix?keyword=photosynthesis+and+respiration+in+elodea+lab+answers

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | SHA-256 | Kind | Source | Size
font_00_sfnt_off00006352.bin | 609001b1c690211f4dff3e602a21120f6ba044ef0ede341814033d651408292d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6352 | 5384 bytes
font_01_sfnt_off000075a7.bin | 69d93934faecc7cf5d45f9848f0bc071ce59915b1b858a108d9dddcb8be29660 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x75A7 | 10084 bytes