Malicious PDF — malware analysis report

Static analysis result for SHA-256 bb6eccfd0f8b5377…

Verdict: MALICIOUS
File type: PDF
Size: 43.3 KB
Created: 2020-09-17 01:21:01 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 084bb18dd1d56f6d85bba2728487809d
SHA-1: 3f1e85bb5cd1d735479197f94e322e0250f1158d
SHA-256: bb6eccfd0f8b53771fa1dedeb714d3ee88679e2ec4665dfa794ba4248c9dd1c5
Risk score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.001 User Execution: Malicious Link

The PDF carries a clickable link to known malicious redirector infrastructure together with a large number of links to other PDFs, a pattern consistent with a link farm or SEO-poisoning campaign rather than a normal document. The lure is an offer to download an emulator (the redirector URL's keyword parameter reads "nes emu apk free download"), a pretext for routing the user into an unwanted-software delivery chain. The producer string (wkhtmltopdf) shows the file was rendered from an HTML page, which fits automated generation of such carriers. The ML classifier scored the file as malicious with maximal confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF links to known malicious redirector infrastructure
    The PDF contains a clickable URI pointing at redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. Documents of this kind rely on user interaction and a redirect chain, not on a PDF parser vulnerability, so a fully patched reader is not a mitigation; the effective controls are blocking the redirector domain and the user not clicking through.
  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external links to other PDFs, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains; it does not look like a normal citation pattern.
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates, so the severity is raised only when the duplicate carries active content (for example a link action or JavaScript); the info rating here means it does not.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; what matters is the channel that reached it (link annotation, JavaScript, document body, metadata stream, ...). The URLs below are grouped by that channel.
    Redirector URI (clickable link annotation; the hit behind PDF_MALICIOUS_REDIRECTOR_LINK):
    • https://ttraff.link/wix?keyword=nes+emu+apk+free+download
    External PDF links (clickable; the set behind PDF_SEO_LINK_FARM; nine of the seventeen sit on filesusr.com, the Wix user-file host):
    • http://files.amgnational.org/uploads/1/3/2/3/132303083/jejugifo.pdf
    • http://files.soniceliteolympia.com/uploads/1/3/0/8/130814926/8a23465fe.pdf
    • http://files.mackenzieemievents.com/uploads/1/3/0/7/130775903/lududevak.pdf
    • http://files.brightleafscience.com/uploads/1/3/0/7/130738553/2125363.pdf
    • http://ruvobe.rangebourne-pets.co.uk/uploads/1/3/1/4/131453960/4217390.pdf
    • http://visate.foto4funphotography.com/uploads/1/3/2/6/132683014/9379745.pdf
    • http://gekuvaxaj.drewryfarmsmaple.com/uploads/1/3/0/7/130739069/tovejoputunatiner.pdf
    • http://files.castervaria.org/uploads/1/3/0/9/130969301/7373351.pdf
    • https://a936f421-fd47-4d98-a3d4-36f6ef104203.filesusr.com/ugd/7f16bd_574c51cd3056431485ad5c08b1968526.pdf?index=true
    • https://f45cbc53-081c-48c3-9451-f1868592e65e.filesusr.com/ugd/6f7357_1a1eeb036f8d41589db788149e24b3b0.pdf?index=true
    • https://c39ec6d0-61ba-4198-9602-6f01e4e076d4.filesusr.com/ugd/3f2390_a9d70f43272246c2ad5ac1555f3a458d.pdf?index=true
    • https://52ffa002-59bc-4ffa-bbf7-baec624048bb.filesusr.com/ugd/d775a9_4647dacd442c40feb7f42e040de29b11.pdf?index=true
    • https://079fc123-92c5-4934-9652-eb73ddd0130c.filesusr.com/ugd/1e11d0_3ba72d10596e4e94a86160071c5a941c.pdf?index=true
    • https://52a3dda3-1961-484f-a74e-80cc62af1375.filesusr.com/ugd/61567a_f481a89a001049d7b4ec91c7b817019d.pdf?index=true
    • https://99618720-36a1-46cc-b988-94cb2fed71d1.filesusr.com/ugd/c068f8_446b559ac6e444ecbeadb270205ed021.pdf?index=true
    • https://e92b4ee8-c691-45b7-b5ff-778fdb1f8500.filesusr.com/ugd/1b9faa_e052ca50a47148b68ae3021a6f444767.pdf?index=true
    • https://face9cc4-3981-4dbe-b6f6-5dfbc6e8fbf9.filesusr.com/ugd/7dd30d_d183fa721ff44f47b4e86e84841fb74b.pdf?index=true
    • https://52ffa002-59bc-4ffa-bbf7-baec624048bb.filesusr.com/ugd/d775a9 (directory prefix of the fourth filesusr.com link above, no file name)
    XMP/RDF schema namespace URIs from the metadata stream (standard identifiers, not hyperlinks; expected in any file carrying XMP metadata):
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
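The following Python script is an added example showing how the four heuristics above can be reproduced with a byte-level scan (pdf-parser style), so an analyst can re-run them on a quarantined file without a full PDF library. It is not the analysis platform's own code. Everything it runs on is constructed: the sample PDF built by build_sample_pdf() (hostnames such as files.example-farm.test and redirector.example.test are made up), the link-farm thresholds (256 KB, 8 links, 50 % on one host) and the redirector host list (ttraff.link is the host named in this report; the second entry is the constructed one). Objects are located by scanning for `N G obj ... endobj`, never via the xref table, so an xref that points at only one copy of a duplicated object cannot hide the other from the check.

```python
"""Regex-level triage of the heuristics listed above, run on a constructed carrier.
Added example, not the analysis platform's code. Objects are found by scanning for
`N G obj ... endobj` in the raw bytes (pdf-parser style), never via the xref table,
so an xref that points at only one copy of an object cannot hide the other."""
import re
from collections import Counter
from urllib.parse import urlparse

OBJ_RE = re.compile(rb'(?<!\d)(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj', re.DOTALL)
URI_RE = re.compile(rb'/URI\s*\(((?:\\.|[^\\)])*)\)', re.DOTALL)   # /URI (literal string)
URL_RE = re.compile(rb'https?://[^\s"\'<>)]+')                       # any URL in the bytes
# Standard XMP/RDF schema namespaces: present in the metadata stream, never clickable.
XMP_NS_PREFIXES = ('http://www.w3.org/1999/02/22-rdf-syntax-ns', 'http://purl.org/dc/', 'http://ns.adobe.com/')
# Redirector hosts: ttraff.link is the one named in this report; the second is the
# constructed host used by build_sample_pdf() below (assumption, not real infrastructure).
REDIRECTOR_HOSTS = {'ttraff.link', 'redirector.example.test'}

def parse_objects(pdf):
    """Map (num, gen) -> every body defined for it, in file order (duplicates kept)."""
    objs = {}
    for m in OBJ_RE.finditer(pdf):
        objs.setdefault((int(m.group(1)), int(m.group(2))), []).append(m.group(3).strip())
    return objs

def duplicate_objects(objs):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same (num, gen) defined twice with different bytes."""
    return {k: bodies for k, bodies in objs.items() if len(set(bodies)) > 1}

def resolve(objs, key, policy):
    """What a first-wins ('first') or last-wins ('last') reader sees for a duplicated object."""
    return objs[key][0] if policy == 'first' else objs[key][-1]

def link_annotation_uris(objs):
    """URIs reachable by clicking a /Link annotation (the 'link annotation' channel)."""
    uris = []
    for bodies in objs.values():
        for body in bodies:
            if re.search(rb'/Subtype\s*/Link\b', body):
                # Unescape \( \) \\ inside the PDF literal string before decoding.
                uris += [re.sub(rb'\\(.)', rb'\1', m.group(1)).decode('latin-1') for m in URI_RE.finditer(body)]
    return uris

def all_urls(pdf):
    """EMBEDDED_URL: every URL in the bytes, including namespaces nobody can click."""
    return sorted({u.decode('latin-1') for u in URL_RE.findall(pdf)})

def redirector_links(uris):
    """PDF_MALICIOUS_REDIRECTOR_LINK: clickable URI whose host is on the redirector list."""
    return [u for u in uris if urlparse(u).hostname in REDIRECTOR_HOSTS]

def link_farm(uris, pdf_size, max_size=256 * 1024, min_links=8, cluster_ratio=0.5):
    """PDF_SEO_LINK_FARM: small file, many external .pdf links, mostly on one host.
    The three thresholds are assumptions, not the platform's tuned values."""
    pdf_links = [u for u in uris if urlparse(u).path.lower().endswith('.pdf')]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(pdf_links) if pdf_links else 0.0
    return {'hit': pdf_size <= max_size and len(pdf_links) >= min_links and share >= cluster_ratio,
            'pdf_links': len(pdf_links), 'top_host': top_host, 'top_share': round(share, 2)}

def triage(pdf):
    objs = parse_objects(pdf)
    uris = link_annotation_uris(objs)
    dups = duplicate_objects(objs)
    return {'clickable_uris': uris,
            'redirector': redirector_links(uris),
            'link_farm': link_farm(uris, len(pdf)),
            'duplicate_objects': sorted(dups),
            'first_wins': {k: resolve(objs, k, 'first') for k in dups},
            'last_wins': {k: resolve(objs, k, 'last') for k in dups},
            'xmp_namespace_urls': [u for u in all_urls(pdf) if u.startswith(XMP_NS_PREFIXES)]}

def build_sample_pdf(farm_host='files.example-farm.test', n_farm=9, n_other=3):
    """Constructed carrier in the shape this report describes (not the real sample): one page of
    /Link annotations, an XMP stream, then an incremental update that redefines object 10 so a
    last-wins reader clicks through to the redirector while a first-wins reader sees a benign PDF."""
    targets = ['https://docs.example.test/manual.pdf']
    targets += [f'http://{farm_host}/uploads/1/3/0/{i}/1307000{i}/{1000 + i}.pdf' for i in range(n_farm)]
    targets += [f'http://host{i}.example.test/uploads/{i}.pdf' for i in range(n_other)]
    annot = '{n} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] /A << /S /URI /URI ({u}) >> >>\nendobj\n'
    xmp = ('<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>')
    parts = ['%PDF-1.4\n',
             '1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >>\nendobj\n',
             '2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n',
             '3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [%s] >>\nendobj\n'
             % ' '.join(f'{10 + i} 0 R' for i in range(len(targets))),
             f'5 0 obj\n<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\nstream\n{xmp}\nendstream\nendobj\n']
    parts += [annot.format(n=10 + i, u=u) for i, u in enumerate(targets)]
    parts += ['trailer\n<< /Root 1 0 R >>\n%%EOF\n']
    # Incremental update (xref tables omitted; the scanner above does not need them).
    parts += [annot.format(n=10, u='https://redirector.example.test/wix?keyword=nes+emu+apk+free+download'),
              'trailer\n<< /Root 1 0 R /Prev 0 >>\n%%EOF\n']
    return ''.join(parts).encode('latin-1')

if __name__ == '__main__':
    for name, value in triage(build_sample_pdf()).items():
        print(f'{name}: {value}')
```

Running the script against a real file (`triage(open(path, 'rb').read())`) gives the same dictionary. The duplicate-object check deliberately reports both bodies instead of picking one: which copy a victim sees depends on the reader, so an analyst has to look at both, and the severity decision in the rule above (info unless the duplicate carries active content) is made by inspecting the returned bodies, not the object numbers.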

Extracted artifacts (2)

Files carved from inside the sample during analysis. Both are embedded font programs (sfnt containers, the TrueType/OpenType wrapper) pulled from font streams; no heuristic above references them.

Filename                      Kind             Source                                     Size
font_00_sfnt_off00006b06.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x6B06  5312 bytes
  SHA-256: 4a9744c1cfddaf998fcb47d99efe48f88ff7ac30fd005f14a2d65b91dc9ec109
font_01_sfnt_off00007d1c.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x7D1C  10152 bytes
  SHA-256: 6fbe988ccd99a6771e671653d4f069767affb704c07be6635dc961698cf6941e