Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=kendra+lust+lex

  • https://cdn.shopify.com/s/files/1/0427/7967/2735/files/jupabupetefizu.pdf
  • https://cdn.shopify.com/s/files/1/0435/6148/4437/files/jexazesazowidefi.pdf
  • https://cdn.shopify.com/s/files/1/0459/2772/7271/files/30570371754.pdf
  • https://cdn.shopify.com/s/files/1/0430/6193/6290/files/wosuxomotojatew.pdf
  • https://static.usrfiles.com/ugd/b5472a_d99bfd2ce6bd4fa0819e4a2594d4b674.pdf
  • https://static.usrfiles.com/ugd/7598fa_fefc1a334df64d999ae674f0ac258d3b.pdf
  • https://static.usrfiles.com/ugd/b8c837_c0d43d1519814115b32301c81109aad9.pdf
  • https://static.usrfiles.com/ugd/b8c837_359302ef7ad94a2c92cf42d94a96c43f.pdf
  • https://static.usrfiles.com/ugd/2f3ac6_f57a7c83b9fc4038893987bac1c0b0c8.pdf
  • https://static.usrfiles.com/ugd/7a11b0_224d8ffe9eb64a5db414dac069694886.pdf
  • https://static.usrfiles.com/ugd/739437_72c74afad2594df69e93076284f9d622.pdf
  • https://static.usrfiles.com/ugd/b8c837_a45926fb051d41e8aacf8757528a5a29.pdf
  • https://static.usrfiles.com/ugd/6290de_ac0b4c02b0f5455fa92f264af46b64e1.pdf
  • https://static.usrfiles.com/ugd/b8c837_a5a42b1e2bd64bd5809fbedd7ab6d539.pdf
  • https://static.usrfiles.com/ugd/510a18_fb5480b8693c4139a02b23f53d36dcd2.pdf
  • https://static.usrfiles.com/ugd/353d00_dae301cf58a14a979e966e532bec4792.pdf
  • https://static.usrfiles.com/ugd/b8c837_59576f33e5104edd9ab1cbd62367a1f5.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.