Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=strike+force+heroes+3+unblocked+full+screen

  • https://cdn.shopify.com/s/files/1/0436/4635/3561/files/xotowulutamurubob.pdf
  • https://cdn.shopify.com/s/files/1/0428/3059/4204/files/mibupemavogebivo.pdf
  • https://cdn.shopify.com/s/files/1/0448/2190/5570/files/baofeng_dm_5r_manual.pdf
  • https://cdn.shopify.com/s/files/1/0436/3547/4590/files/75285339930.pdf
  • https://47c2cab1-c767-4e56-b0c1-52386674475e.filesusr.com/ugd/d4da64_31742d6c683943e2988738bc7dfff107.pdf?index=true
  • https://c24b5acb-430a-468f-9897-f5377f275621.filesusr.com/ugd/1c8c1e_a983f098b04f4f6884672651e771256e.pdf?index=true
  • https://90f5a532-807f-4915-a903-e4611e31445b.filesusr.com/ugd/76156b_9257fbf800c74877bfeb18e6b3557528.pdf?index=true
  • https://2e036cc1-0005-4bc3-8180-0dd63459aa0f.filesusr.com/ugd/c75f60_3d763b71645d44539fc6ee87c8b6a796.pdf?index=true
  • https://8b49de70-13cc-441d-ad6a-d8197dca1703.filesusr.com/ugd/7dd30d_2f148755076a4314828aa09062e47676.pdf?index=true
  • https://72b2297b-3dd3-45d3-bd52-b6cf672ff801.filesusr.com/ugd/8508de_8b6e790ed1974666b668d3418e5c0f95.pdf?index=true
  • https://907b4fd3-54d3-44ab-9a7e-cbd716597aaa.filesusr.com/ugd/19ce5d_c4bd404724844541b7518b3a65474649.pdf?index=true
  • https://fd61be35-f36a-4aa3-b66f-3aeb94af0478.filesusr.com/ugd/622218_530943acf5574dd88aa2a2a571b61c35.pdf?index=true
  • https://f9c1628f-c4bc-43c1-9b37-55292bfd5676.filesusr.com/ugd/e98895_c3a74d1bf87c40628a3d6703330ff05c.pdf?index=true
  • https://24f8061f-377d-4a8a-b457-2156fcc8fd78.filesusr.com/ugd/008a9f_4deb018d0de5409fa667b719781f973a.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.