Malicious PDF — malware analysis report

Static analysis result for SHA-256 c0aeed5f7737e029…

Verdict: MALICIOUS
File type: PDF
Size: 44.7 KB
Created: 2020-09-17 03:25:58 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 30d827aaea9f639c4faaa92dbd84f980
SHA-1: 1ee3d508020ff3188dbcb9bd606784db415cd163
SHA-256: c0aeed5f7737e02942d00162f10aded986b3ec230765b042c7afed9c9a7792e6
Risk Score: 152

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.me/wix?keyword=last+shelter+survival+apk+mod+ios'. This URL is likely intended to redirect users to a malicious site, possibly for phishing or malware distribution. The PDF also contains a large number of external links, suggesting a link farm or SEO poisoning tactic. The ML classifier strongly flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://ttraff.me/wix?keyword=last+shelter+survival+apk+mod+ios

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00006fcf.bin
  SHA-256: 972cdb780318781b1ebaba706a077b3f77a8cf1a83e6f9e96485aef5b21afaac
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x6FCF
  Size: 5264 bytes

Filename: font_01_sfnt_off00008195.bin
  SHA-256: 27880456f3061f4dedeae4b1c8832da97892e289b29a35d505b0d2a18fec5985
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x8195
  Size: 10528 bytes