Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=fire+emblem+echoes+fear+mountain+guide

  • https://static.usrfiles.com/ugd/99965f_c3c7650a886448c78c3d1d4eb911d51d.pdf
  • https://static.usrfiles.com/ugd/73c254_9addf4abd86640f4a740c0f867bfb568.pdf
  • https://static.usrfiles.com/ugd/1c8c1e_4130c87cd5444e909688af2caee3e856.pdf
  • https://static.usrfiles.com/ugd/67e251_2ce8b8d49a3e4a0c9d6829deac565c91.pdf
  • https://static.usrfiles.com/ugd/ea9bdf_30b7396554de4d958a0b46d108a39d5e.pdf
  • https://static.usrfiles.com/ugd/77941b_0b2c43bf0d0a46dab3d3305e0c599dc0.pdf
  • https://static.usrfiles.com/ugd/c3548c_3071310cdca5447e9e06a074ca485d17.pdf
  • https://static.usrfiles.com/ugd/b09e1d_7b0d917628d24a7d9f5e89e215ed4664.pdf
  • https://static.usrfiles.com/ugd/2274a7_b2087a5b87e64aa5a2b33b3a20e2533f.pdf
  • https://static.usrfiles.com/ugd/217d68_70a37e9860034bc1b6f26110b696520f.pdf
  • https://cdn.shopify.com/s/files/1/0428/5012/3943/files/88722128920.pdf
  • https://cdn.shopify.com/s/files/1/0430/9801/3850/files/ardamax_keylogger_5._0.pdf
  • https://cdn.shopify.com/s/files/1/0432/0234/7168/files/13648844188.pdf
  • https://cdn.shopify.com/s/files/1/0440/0542/5310/files/35181678466.pdf
  • https://cdn.shopify.com/s/files/1/0465/0536/1566/files/25605144060.pdf
  • https://static.usrfiles.com/ugd/f64db8_163fe72f84614ca0a24731bef1299322.pdf
  • https://static.usrfiles.com/ugd/1849a1_cd311fffc9e743aca9cfd8d354a0d984.pdf
  • https://static.usrfiles.com/ugd/97493d_defb2794fee34ce3846be92988e9aab0.pdf
  • https://static.usrfiles.com/ugd/e73fea_ebb61d2957d24d32b46e3a6fedeeefaf.pdf
  • https://static.usrfiles.com/ugd/7ea8bb_92ae21bac24b4d33aa6167eaec57c403.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.