Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=heroic+cenarius+guide

  • http://files.kil-n-it.com/uploads/1/3/1/4/131437312/kamawixexaritalo.pdf
  • http://levomavol.creasman-counseling.com/uploads/1/3/1/6/131636766/5004704.pdf
  • https://eb67ac61-1264-4d2f-b26f-e953363ae98a.filesusr.com/ugd/b2ba6b_12004d5149e94202b4f610980018c2af.pdf?index=true
  • https://ee00f8f9-adfb-47c9-b56a-17e137e3ca9b.filesusr.com/ugd/9904c2_0d687643c34f40b8bc9217b82d0673d8.pdf?index=true
  • https://c2430255-eef0-4c41-a902-97462afbd329.filesusr.com/ugd/5262df_6dedc541e13e475984e55c9a994dfd1d.pdf?index=true
  • https://457ca825-3b65-4dfb-be7b-fc12af8018ae.filesusr.com/ugd/bc4951_e643f72754434d65a641297ed9ac792b.pdf?index=true
  • https://670cdd72-aea3-4b2d-b7f0-39e84069a2c9.filesusr.com/ugd/8e1900_bca0035f1d074edba69591b4f681d382.pdf?index=true
  • https://59abe2c9-6941-42b4-8116-9ef58026577a.filesusr.com/ugd/a4ea6c_04929813df514dc496eb9c2d9b5a2fd7.pdf?index=true
  • https://eea976ce-6ee9-4701-8707-f7ebb7a9cb38.filesusr.com/ugd/a31856_6c3b23fbef064f478b749c094d0adc04.pdf?index=true
  • https://1537068b-5ba7-4ea0-8926-52e7af4732cf.filesusr.com/ugd/2e4eb4_b706825978b84bfb82a5e092785dd05d.pdf?index=true
  • https://3d4fb16f-e115-47c8-ba3d-5912d9c24a82.filesusr.com/ugd/fe0276_c042fab7fc264e509a16435d28a2b185.pdf?index=true
  • https://82a4794e-f0f2-4700-b2f4-83d68ae6260a.filesusr.com/ugd/b7306e_22a802084cf84d5cbc7e4161afcb6c82.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.