Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=g%25E1%25BA%25A1o+n%25E1%25BA%25BFp+g%25E1%25BA%25A1o+t%25E1%25BA%25BB+t%25E1%25BA%25ADp+108

  • http://files.catlinsdiscoveries.com/uploads/1/3/2/7/132712323/mowaj.pdf
  • http://vipekoz.holistichealingspa.com/uploads/1/3/0/8/130873995/39183.pdf
  • http://rawozeref.debbieyoung.co.uk/uploads/1/3/1/4/131406798/8193974.pdf
  • http://pawuze.outofthedarknessministry.com/uploads/1/3/1/8/131857090/827e6b0b6982f.pdf
  • https://ab25de4c-3fa7-41c9-9194-8520f64d2c14.filesusr.com/ugd/2274a7_9897960c5fc5494587b94edc8ab13667.pdf?index=true
  • https://a3ec7824-9e52-4b1f-b1e0-159ac94220b0.filesusr.com/ugd/cd1d52_4628f356209d4746900d15c199800fbc.pdf?index=true
  • https://91712619-9ce0-460f-8a1c-3202fdbd2ba4.filesusr.com/ugd/9c8fb9_852c8b011fbc470088cc74e2431b0ab4.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0432/0981/8272/files/79341688581.pdf
  • https://cdn.shopify.com/s/files/1/0433/0687/7080/files/8402105605.pdf
  • https://cdn.shopify.com/s/files/1/0434/5734/7749/files/83593986651.pdf
  • https://cdn.shopify.com/s/files/1/0479/4685/8652/files/62045475324.pdf
  • https://cdn.shopify.com/s/files/1/0435/1832/8991/files/46263884235.pdf
  • https://2a0c804f-fc00-4916-a457-7da31965b1ea.filesusr.com/ugd/6fd45c_7fa26d88b1e145dfb1587ae468d0b13d.pdf?index=true
  • https://6cdcb771-820a-4583-877e-6bea40641132.filesusr.com/ugd/e1d12c_4b4edc50ecb94248ab2dae3473e3e40a.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.