Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=saxon+math+course+2+pdf+drive

  • https://cdn.shopify.com/s/files/1/0433/0595/9574/files/11317010463.pdf
  • https://cdn.shopify.com/s/files/1/0428/5366/2887/files/zagip.pdf
  • https://cdn.shopify.com/s/files/1/0431/0512/4503/files/lafozuteligofobiw.pdf
  • https://cdn.shopify.com/s/files/1/0431/1157/9809/files/kupuvok.pdf
  • https://cdn.shopify.com/s/files/1/0432/6552/3870/files/fikinegokanogesefud.pdf
  • https://cdn.shopify.com/s/files/1/0433/8050/6773/files/fukowabew.pdf
  • https://cdn.shopify.com/s/files/1/0431/8717/5588/files/ghost_rider_game_unblocked.pdf
  • https://cdn.shopify.com/s/files/1/0460/7085/7892/files/alvida_song_pagalworld.pdf
  • https://cdn.shopify.com/s/files/1/0434/9142/6469/files/basic_isometric_drawing.pdf
  • https://4cfe1f6f-3fb6-44df-a7a8-ffa9320bdfa4.filesusr.com/ugd/12dc78_d22bb2ed6da645eeb3e9bdfd11c93c87.pdf?index=true
  • https://652de5c0-acff-407f-9ac4-af943cdaca31.filesusr.com/ugd/f65518_13478a8e5db54839b33aa9f1b2755d18.pdf?index=true
  • https://489ecb68-3c25-42ef-a3d8-f8d59a46c19c.filesusr.com/ugd/740d8c_8580a6cd67e648a7b3fe62dbb19770a2.pdf?index=true
  • https://3d3a4c52-6eb8-48da-8813-3b36050d01d5.filesusr.com/ugd/24d943_6f90ef9867e444198bd7d77c8258e289.pdf?index=true
  • https://5cbc90c9-8cbf-452d-bb37-c507391b1b9b.filesusr.com/ugd/01d500_9e2ae032fba241b3b74a580f72d0a749.pdf?index=true
  • https://2d914652-ecd0-47fd-9aaa-a7846f837762.filesusr.com/ugd/405339_ec3632773d2e46589a7f4b0ab064068b.pdf?index=true
  • https://0e9c9eed-7e49-4fb4-859c-dbd0e9d0e639.filesusr.com/ugd/682d1c_00a0d88e64a3454088ac11453e9f4ce2.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.