Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=skyrim+pieces+of+the+past+good+or+bad

  • https://cdn.shopify.com/s/files/1/0452/5637/6480/files/frmacos_anticoagulantes.pdf
  • https://cdn.shopify.com/s/files/1/0438/6213/0848/files/20896486972.pdf
  • https://cdn.shopify.com/s/files/1/0434/0508/2781/files/android_10_samsung_tab_s5e.pdf
  • https://cdn.shopify.com/s/files/1/0432/3170/7294/files/15020631460.pdf
  • https://cdn.shopify.com/s/files/1/0432/7469/8912/files/pevupetetanujazigit.pdf
  • https://cdn.shopify.com/s/files/1/0430/3332/9815/files/62761364660.pdf
  • https://cdn.shopify.com/s/files/1/0436/4081/5774/files/90157877737.pdf
  • https://cdn.shopify.com/s/files/1/0437/1090/6520/files/18358784256.pdf
  • https://3f23798d-8861-444e-b630-7cf59ba6f55d.filesusr.com/ugd/3f80ec_b7f3eaab92e64cc2a52fd77f511738a6.pdf?index=true
  • https://7fd1453c-8f02-46cf-aff2-90a3418a22b3.filesusr.com/ugd/9ef0c3_fdb422f2745840a4a72be3a45140230e.pdf?index=true
  • https://0bb3ac2e-fc34-4800-9b08-a47dbcbb31a0.filesusr.com/ugd/dcc11b_eb8b4523fb1d4cf08660d9d72d9c904e.pdf?index=true
  • https://475ba9ae-2147-437b-8745-a49489be4a80.filesusr.com/ugd/7d1dc9_78a8431a10fe45ab82d9f27dfe7263f0.pdf?index=true
  • https://bf9e585e-da2a-4008-8b25-d08d9c54eae0.filesusr.com/ugd/1813b3_04e0b79b77424dc8b25bd94c1d318aa0.pdf?index=true
  • https://6fce12d9-e442-4642-8bef-7c29ceb310e0.filesusr.com/ugd/2c76f4_4f6d825daea74396830bd49f3e76d880.pdf?index=true
  • https://5fe99a0d-d224-412d-8f8c-7f10b0b60902.filesusr.com/ugd/b5472a_a078abeaec9a4816974c8922e5238597.pdf?index=true
  • https://c4f02167-d1f1-416a-8391-49f2d7c2d9d9.filesusr.com/ugd/28146e_553f0ddceb7d487cade2fd1669ffc69b.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.