Malicious PDF — malware analysis report

Static analysis result for SHA-256 953bc66420fbfa30…

Verdict: MALICIOUS
Type: PDF
Size: 74.2 KB
Created: 2020-09-18 23:00:30 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0d8f77148d3cb1ac6214bce93e3755dd
SHA-1: d0c524539a4adbe2545a2a383638024fac3ab8c0
SHA-256: 953bc66420fbfa30d44dcf3a449352f5038d63574287549413d5e7cee79f6640
Risk score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.001 User Execution: Malicious Link

The PDF carries 17 clickable external links in a 74 KB document, 13 of them pointing at further PDFs on filesusr.com, a link-farm pattern used for SEO poisoning and for routing users into unwanted-software delivery chains. One of the link targets, https://ttraff.club/wix?keyword=hatsan+125+vs+135, is a known malicious redirector. The ML classifier independently flagged the file as malicious with maximum confidence. No scripts were extracted from this sample: the sample relies on the user clicking a link, not on a reader vulnerability.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF links to known malicious redirector infrastructure
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
  • [critical] PDF_SEO_LINK_FARM: small PDF contains a mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: object number defined twice with different bodies
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate definition carries active content (JavaScript, Launch or OpenAction entries); here it does not.
  • [info] EMBEDDED_URL: embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. In this sample the first 17 entries are link-annotation targets (the redirector plus the PDF link farm); the last six are standard RDF/XMP namespace URIs from the document's metadata packet, which are expected in wkhtmltopdf output and are not navigable links.
    • https://ttraff.club/wix?keyword=hatsan+125+vs+135
    • http://zufowuga.solretapsychicreadings.com/uploads/1/3/1/8/131856369/922212.pdf
    • http://files.crowinghen.ca/uploads/1/3/1/3/131379211/nepijid.pdf
    • http://nutiledo.bidellnow.com/uploads/1/3/1/4/131438096/3155101.pdf
    • https://eb4a723d-8a0e-4f84-b485-a5505225d747.filesusr.com/ugd/895bef_42e22747987b4b2bb9efa28c2065efab.pdf?index=true
    • https://b97736b7-7d0b-4112-80cd-21380ec5b252.filesusr.com/ugd/e9cba9_9dca0795f0b549d08e63ad723104bdb7.pdf?index=true
    • https://c8dee69b-43d9-4322-80b9-bebc96c85561.filesusr.com/ugd/80fd5d_c95c835c27704dcebcc499ab4986329c.pdf?index=true
    • https://70f63524-334d-4976-af7f-6437c56ec9d1.filesusr.com/ugd/4fea5c_0976c7e6ef014688a0a5a6a8b51fed69.pdf?index=true
    • https://31347748-a13a-4f8f-8eef-c2c1dc01017f.filesusr.com/ugd/154db6_8836ed7e9fb14a2ba2093792886327fd.pdf?index=true
    • https://1164e4cb-8b21-414d-866c-17205a127d9a.filesusr.com/ugd/74e9cf_3ed7e2b990b94d9687802333c9792b09.pdf?index=true
    • https://671a1ad0-93e8-4c65-a02d-0cbe7907315a.filesusr.com/ugd/76de1a_13b9897b2a8349edbe6696d68346e87f.pdf?index=true
    • https://16835c64-8807-4db1-a871-9e038ebd45a9.filesusr.com/ugd/e2c223_dc81b44115294e87938b480960d667bb.pdf?index=true
    • https://55b9bd1b-7b2b-42d8-a6b6-e15ed249757f.filesusr.com/ugd/110ef3_34490e84ca9747ca8e67a71edbfb82fc.pdf?index=true
    • https://ce4b2bb9-c9c7-466e-b18b-c73cea0c82bc.filesusr.com/ugd/87b9a8_53f63dc4bee4468998a7ca6eb3060483.pdf?index=true
    • https://9c2178a6-f696-4632-8c4b-12465b15324a.filesusr.com/ugd/a86d68_e6559438629b4a1ebbad7309dbb905cf.pdf?index=true
    • https://fcac0f54-e774-468e-aee3-aa7f7bf4741f.filesusr.com/ugd/81cd61_3d0f8a7c40f6465494eaba36790acce3.pdf?index=true
    • https://5fcc301b-d5f8-491c-b53b-651f86df09e1.filesusr.com/ugd/07625c_fb340b97e81142fdb5bde1662efad2ff.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
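As an added illustration, not output of the analysis engine and not part of the original report: a small Python scanner that reproduces the shape of the PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL checks above on a constructed PDF-like sample. The thresholds (max_size, min_links, cluster_ratio), the hostnames and the sample bytes are assumptions chosen for the demonstration, not the report's tuning or data. The regex object scan emulates first-wins and last-wins readers by definition order; real readers resolve objects through the xref table, so this is an approximation of the same confusion.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample, not the analysed file. Six /Link annotations whose /URI
# targets cluster on one host, plus two objects defined twice: object 5 is a
# benign Info-dictionary update, object 15 changes from a /URI link to a
# /JavaScript action (the first-wins vs last-wins confusion shape).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [10 0 R 11 0 R 12 0 R 13 0 R 14 0 R 15 0 R] >> endobj
5 0 obj << /Producer (constructed sample v1) >> endobj
10 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://redirector.example/wix?keyword=a) >> >> endobj
11 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://farm.example/ugd/1.pdf) >> >> endobj
12 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://farm.example/ugd/2.pdf) >> >> endobj
13 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://farm.example/ugd/3.pdf) >> >> endobj
14 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://farm.example/ugd/4.pdf) >> >> endobj
15 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://farm.example/ugd/5.pdf) >> >> endobj
trailer << /Root 1 0 R /Info 5 0 R >>
%% incremental update: same object numbers, different bodies
5 0 obj << /Producer (constructed sample v2) >> endobj
15 0 obj << /Type /Annot /Subtype /Link /A << /S /JavaScript /JS (app.alert(1)) >> >> endobj
trailer << /Root 1 0 R /Info 5 0 R /Prev 9 >>
%%EOF
"""

# "N G obj ... endobj" bodies; literal-string /URI values; active-content keys.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|Launch|OpenAction|AA|SubmitForm|RichMedia)\b")


def parse_objects(pdf: bytes) -> dict:
    """Map (number, generation) -> list of body bytes, in file order."""
    objs = {}
    for m in OBJ_RE.finditer(pdf):
        key = (int(m.group(1)), int(m.group(2)))
        objs.setdefault(key, []).append(m.group(3).strip())
    return objs


def resolve(objs: dict, key: tuple, policy: str = "last"):
    """Emulate a first-wins or last-wins reader for a duplicated object."""
    bodies = objs.get(key, [])
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def extract_link_uris(objs: dict) -> list:
    """Collect /URI targets from every definition, so no reader's view is missed."""
    uris = []
    for bodies in objs.values():
        for body in bodies:
            uris.extend(m.group(1).decode("latin-1") for m in URI_RE.finditer(body))
    return uris


def link_farm_check(uris: list, pdf_size: int, max_size: int = 200_000,
                    min_links: int = 5, cluster_ratio: float = 0.6) -> dict:
    """Small file + many links + one dominant host. Thresholds are illustrative."""
    hosts = Counter(urlsplit(u).hostname or "" for u in uris)
    top_host, top_count = (hosts.most_common(1) or [("", 0)])[0]
    ratio = top_count / len(uris) if uris else 0.0
    flagged = pdf_size <= max_size and len(uris) >= min_links and ratio >= cluster_ratio
    return {"flagged": flagged, "links": len(uris),
            "top_host": top_host, "top_host_ratio": round(ratio, 3)}


def duplicate_object_check(objs: dict) -> list:
    """Flag object numbers with differing bodies; escalate if any variant is active."""
    findings = []
    for key, bodies in objs.items():
        distinct = set(bodies)
        if len(distinct) < 2:
            continue
        severity = "critical" if any(ACTIVE_RE.search(b) for b in distinct) else "info"
        findings.append({"obj": key, "definitions": len(bodies), "severity": severity})
    return sorted(findings, key=lambda f: f["obj"])


def analyze(pdf: bytes) -> dict:
    objs = parse_objects(pdf)
    return {"link_farm": link_farm_check(extract_link_uris(objs), len(pdf)),
            "duplicates": duplicate_object_check(objs)}


if __name__ == "__main__":
    report = analyze(SAMPLE_PDF)
    print(report["link_farm"])
    for f in report["duplicates"]:
        print(f, "first:", resolve(parse_objects(SAMPLE_PDF), f["obj"], "first"))
```

On the constructed sample the link-farm check fires (six links, five on one host) and the duplicate check reports object 5 as info and object 15 as critical, because its second definition introduces a /JavaScript action that a last-wins reader would execute while a first-wins reader still sees a plain URI link.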

Extracted artifacts (2)

Files carved from inside the sample during analysis. Both are embedded font programs, consistent with the wkhtmltopdf/Qt authoring application; no script, embedded file or other executable payload was carved.

Filename: font_00_sfnt_off0000e4fa.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xE4FA
  Size: 5044 bytes
  SHA-256: e01b1321c11f186807d43ffe0aea5b95cc7dda9bbb3bcb254bc603f4d6f55607

Filename: font_01_sfnt_off0000f649.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xF649
  Size: 10976 bytes
  SHA-256: 587f10fb00e2043cd34c25f5b28213d87dc95221244d81a37016184f765121e3