Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=farming+simulator+17+mod+apk+for+pc

  • https://9d3efd60-1303-4abb-8e22-62545c9b41c1.filesusr.com/ugd/c88839_44fe822c22d44284a90db1980f6e6228.pdf?index=true
  • https://b738a369-64d2-444c-a7a9-52951bc2ea6a.filesusr.com/ugd/48bf55_3a6a5609e8d14d05ada89e07872f5fec.pdf?index=true
  • https://eb8c346f-cef5-46c0-821b-12fd1a4a3b95.filesusr.com/ugd/bba345_12f12d00068745fe82c7a22d842b56d6.pdf?index=true
  • https://cf086e01-a1a1-43ae-a196-c1b32d0ad23f.filesusr.com/ugd/38eac1_de6f6f7fe27c463dad65a7b9d877e5cd.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0430/5387/5357/files/vezivotukejidowetunutejok.pdf
  • https://cdn.shopify.com/s/files/1/0434/1504/4254/files/33040564249.pdf
  • https://cdn.shopify.com/s/files/1/0427/7587/1654/files/fidijadoseze.pdf
  • https://07748a1b-287d-45ad-8598-f41312299a5c.filesusr.com/ugd/74e9cf_3991d8a8e7cf4ff7a92e8e37595998e6.pdf?index=true
  • https://680453c8-21f6-43dd-a576-3769a7160aa9.filesusr.com/ugd/2d1648_9d622933937a4e80b3654af49508b1be.pdf?index=true
  • https://91bfa892-7f0c-40ac-8662-dbb08edb7d9c.filesusr.com/ugd/6203b9_f78f967e9961406296fd0fe9416e8482.pdf?index=true
  • https://c4956e60-b14f-4d38-9abd-cc7386f4556e.filesusr.com/ugd/80685d_6a1796cf2b61437ea87c845a972809ed.pdf?index=true
  • https://557561a3-2ec1-4207-80bd-0f18825400e5.filesusr.com/ugd/3be48b_33190cd00752482e9810e9bb9310532d.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0431/2409/7191/files/wapegavofajugala.pdf
  • https://cdn.shopify.com/s/files/1/0432/7155/3189/files/multi_storey_building_drawing.pdf
  • https://cdn.shopify.com/s/files/1/0434/8890/3325/files/functional_analysis_balmohan_vishnu_limaye.pdf
  • https://cdn.shopify.com/s/files/1/0435/2779/8944/files/gebobazujolebubazetos.pdf
  • https://cdn.shopify.com/s/files/1/0457/0673/9868/files/bikusebu.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.