Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=remote+play+apk+android+2019

  • http://files.theguppygulch.com/uploads/1/3/1/3/131379496/jazelalobekevegijifu.pdf
  • http://bututabug.chartwellprimarymaths.org.uk/uploads/1/3/1/1/131163991/podowuponos_febeki.pdf
  • https://a1aaf521-0cd6-4319-94f2-d203ce018684.filesusr.com/ugd/c0fca2_ce08d6618f9145c7888c5a57724460b7.pdf?index=true
  • https://0e908782-34c8-43bb-9fde-14af4053862f.filesusr.com/ugd/77eba6_01c136cdc4864c6dba846115bfe27b7e.pdf?index=true
  • https://1e0dce42-b190-44c9-a942-6fdfccebeab6.filesusr.com/ugd/08338c_7af31590014f4addbe22e9ddabaadc46.pdf?index=true
  • https://fdcea1e7-967c-41f5-9e53-feeda8ca78a3.filesusr.com/ugd/469aea_8bfeb7382eb2461980d3df5837b9e62e.pdf?index=true
  • https://3f14e42f-a51b-4d2e-bdd0-c50783a7ad58.filesusr.com/ugd/585b1d_9e73b5c4e0fe4f138d9e3768acfb8bfd.pdf?index=true
  • https://4e46b508-ab36-4a2b-8f26-cacb28f2b3ef.filesusr.com/ugd/e745be_93ccbfcf591c4d4d8ca2d96af0155844.pdf?index=true
  • https://71811da2-7331-4e33-88c0-901d0240d369.filesusr.com/ugd/4a2613_fc10fb0b5cc541e58b06eab906de6c7d.pdf?index=true
  • https://0a954c03-5840-437c-81f1-eb7292d891a0.filesusr.com/ugd/3d0627_55cb09c311604ec7bbd514869ef92e70.pdf?index=true
  • https://eaac108a-2f35-44a4-a567-ab8593e47f06.filesusr.com/ugd/c63dba_d9ea7f2a31cf4c15b5f82de4da917135.pdf?index=true
  • https://3b7112b9-75da-4820-b978-cdf646d48654.filesusr.com/ugd/45e30f_fc5fcd7697ce4ba7be2b362a970458ee.pdf?index=true
  • https://79f569dc-3e2f-4a69-b858-044ee1543790.filesusr.com/ugd/7cefa9_b984d2aa3fb54997b89e8c9648233534.pdf?index=true
  • https://0bfaad4e-7eeb-4321-a88f-0040188dae63.filesusr.com/ugd/3283b0_fce1aca0df9f495d9e6c7d232cd1c97d.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.