Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=circumcenter+practice+worksheet

  • http://files.7kmetalworx.uk/uploads/1/3/2/6/132696233/2883034.pdf
  • http://files.hillmensoccer.org/uploads/1/3/1/8/131856917/lukizabuzu.pdf
  • http://files.transformanimaltraining.com/uploads/1/3/2/6/132682833/ee71be81cbe.pdf
  • http://files.nnslscnippers.com/uploads/1/3/1/3/131398308/xigawe_darag_vawuwibep_faxogezafudu.pdf
  • http://files.emlisservices.com/uploads/1/3/1/4/131437660/3005307.pdf
  • https://ad3ef77e-4325-4a20-b247-80647c1725f2.filesusr.com/ugd/6df952_4e46f2dbb66c4932bc3bca09de98f4b8.pdf?index=true
  • https://b9ab8974-c41a-46a5-ae8a-4f750516ecf1.filesusr.com/ugd/610d21_6a43fd3e9a58455b8c9599a96c3c42f8.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0439/4575/4792/files/counterparty_credit_risk_and_credit_value_adjustment.pdf
  • https://cdn.shopify.com/s/files/1/0440/1109/4174/files/new_ps4_emulator_for_android.pdf
  • https://cdn.shopify.com/s/files/1/0450/1949/6606/files/coachmen_rv_service_manual.pdf
  • https://cdn.shopify.com/s/files/1/0429/6281/3084/files/gosoduvipagoxizomuvitulu.pdf
  • https://e467ff38-8314-4c3b-802b-eb67c6545378.filesusr.com/ugd/b98abb_c9b6e9f3d9da474c97529bb11b1e736a.pdf?index=true
  • https://ee02597b-35a1-4632-8e5d-06db96e844f9.filesusr.com/ugd/96a426_3d004eba314c4790b9a08ba309dec22b.pdf?index=true
  • https://90b2b549-350c-41c7-9e14-8aab2d6db6c0.filesusr.com/ugd/d43733_46c0b7e84a15457799cb6b3e31f53d77.pdf?index=true
  • https://14379d81-c371-4c17-96d3-8c379952b0d3.filesusr.com/ugd/b56239_e3036553c238487b8343e9da5bd7bcd6.pdf?index=true
  • https://0753e910-d2b1-4ace-8c62-70f073ce741e.filesusr.com/ugd/4fea5c_83b3c0b5555442118691e35fabf3cbd2.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.