Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/pify?keyword=officeworks+drawing+templates

  • https://cdn.shopify.com/s/files/1/0435/4159/4266/files/software_engineering_notes_for_mca.pdf
  • https://cdn.shopify.com/s/files/1/0429/7441/2949/files/foxeravifotikolibaven.pdf
  • https://cdn.shopify.com/s/files/1/0433/8502/8775/files/affirmative_action_pros_and_cons.pdf
  • https://cdn.shopify.com/s/files/1/0459/7265/2199/files/ad_aware_free_antivirus_offline_installer.pdf
  • https://static.usrfiles.com/ugd/b8c837_1e801cfe74ae4804bee56ed40a5a27b0.pdf
  • https://static.usrfiles.com/ugd/b8c837_9c66f3cb1b6c4f9f836da327d6c65b39.pdf
  • https://static.usrfiles.com/ugd/824332_3c821c396aa64484b4f06d9217119aec.pdf
  • https://static.usrfiles.com/ugd/6290de_5aacbf1434014b0a9c6a6606012f53d3.pdf
  • https://static.usrfiles.com/ugd/45fd81_7dcfa3b307f34c9ba004ea6e8b729e7f.pdf
  • https://static.usrfiles.com/ugd/9cfd0a_cf1695cf3be64a379b8f0667d549566f.pdf
  • https://static.usrfiles.com/ugd/f0f215_3d99969ab6184e98a20df480946cdebe.pdf
  • https://static.usrfiles.com/ugd/5fd5c1_de534973b46a4d64af92a9b6e25d2aeb.pdf
  • https://static.usrfiles.com/ugd/fe83c3_714f18fc16504198ac900c964d8f8463.pdf
  • https://static.usrfiles.com/ugd/40512e_af8b5542142c45b7b369b356e860a244.pdf
  • https://static.usrfiles.com/ugd/c20ea7_6ba947b05f6444198a91a659dcc3f89d.pdf
  • https://static.usrfiles.com/ugd/b8c837_9317eb29db70495d88f1b505263542c1.pdf
  • https://static.usrfiles.com/ugd/b8c837_e7e31de259ed46b0b528bd05ec5f20e9.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.