Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=touhou+16+moriya+shrine

  • http://wisexik.spartanhoops.org/uploads/1/3/0/9/130969679/nopema_fepese_fotogezirerazo.pdf
  • http://files.tbcvaldese.org/uploads/1/3/1/6/131606162/zojadexolukukat_zokeniwenojar.pdf
  • http://files.miamiccr.com/uploads/1/3/1/3/131383434/xonamajosuxo.pdf
  • http://fijitij.paulieanderson.com/uploads/1/3/1/3/131379598/tireliwiruvisas-nutob-gazabuzidir-zubunopob.pdf
  • https://e1dd5e70-3f89-48af-9f43-bbe286897d0a.filesusr.com/ugd/26f730_633b5ce604a44a018500e1a554800d51.pdf?index=true
  • https://d3a9167d-84ca-454c-9269-725282c7df85.filesusr.com/ugd/87a178_88e3e15f45ae4dc78f544b98e18d0de9.pdf?index=true
  • https://cc6680da-3623-4827-8c61-f01270d8ff3e.filesusr.com/ugd/0b46e6_42345bdea1cc4077bd12f697819ea574.pdf?index=true
  • https://bd91bbfb-bef7-4dd6-b0b5-807c612a3dc2.filesusr.com/ugd/1d64af_5d900307c9d84fcfac21654ada1be6e4.pdf?index=true
  • https://bdf27e1c-1102-4c48-b154-c7d77fe61e0d.filesusr.com/ugd/eeb7bd_37480c79c3ae47ac952d4e36124ba59c.pdf?index=true
  • https://19fa7796-6bf9-482c-b6e4-c8ef065ca494.filesusr.com/ugd/3402b1_c299aed409e44d198ee77e3334ef1c74.pdf?index=true
  • https://4f552354-ce27-4e12-b859-3e69ad876fbd.filesusr.com/ugd/b85eb0_e1e35ccc7a7d4646865c548ef1dd57d7.pdf?index=true
  • https://b9e03b9d-75a0-47df-b331-21c2ef7fc818.filesusr.com/ugd/b73feb_5f50b0d9c19446ea9e57e45dd02071a7.pdf?index=true
  • https://c82f60e2-82c9-4be8-8a8f-1794a04d2069.filesusr.com/ugd/4fb05f_73a3ce21760144ae8cffcea9bf7e1fba.pdf?index=true
  • https://3c8b1b99-aff3-48fc-a4be-9b72f8337d3e.filesusr.com/ugd/cc3ca9_f2890eb94f234f9cb56d5b3346937c84.pdf?index=true
  • https://755034b4-f7d8-4830-b1f6-5c55b21837f9.filesusr.com/ugd/bb10c5_4afdecb523c7416ab0e08a1a0ae534f7.pdf?index=true
  • https://917bb01f-1133-4213-8fc5-a7c36f4f7a4b.filesusr.com/ugd/a4e402_01c6d4d7b9c24282b44e4a6355e221bd.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://c82f60e2-82c9-4be8-8a8f-1794a04d2069.filesusr.com/ugd/4fb05f_73a3ce21760144ae8cffcea9bf7e1

Open this report in the interactive analyzer, or submit your own file for analysis.