Malicious PDF — malware analysis report

Heuristics 6

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Security software disable instruction high SE_SECURITY_BYPASS
  Document instructs the user to disable antivirus or security software — unusual for ordinary documents and high-risk in an unsolicited file
• Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LURE
  Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/pify?keyword=aplikasi+chew+wga+0.+9

  • https://static.usrfiles.com/ugd/b8c837_46ffed815959402a96d0ae1f5e3eee2a.pdf
  • https://static.usrfiles.com/ugd/865d50_9a609f78112e4f398d16ec66a712c593.pdf
  • https://static.usrfiles.com/ugd/b8c837_6a002341c7854b5e9ed481ca12bec94e.pdf
  • https://static.usrfiles.com/ugd/b8c837_680cec348eef439dabd0a506550f8eb2.pdf
  • https://static.usrfiles.com/ugd/90423f_278b65eb81e644edad4850609d7c66f4.pdf
  • https://static.usrfiles.com/ugd/271e65_c42ba69b96b840f9a8ec47cf07c27dbf.pdf
  • https://static.usrfiles.com/ugd/921909_8e39c6694f374f1e90f691d84ad6b9ae.pdf
  • https://static.usrfiles.com/ugd/0d2908_635968c9b6f741c28e15d3d2f554da36.pdf
  • https://static.usrfiles.com/ugd/865d50_41baea7c849647c295f4c41d777c24da.pdf
  • https://static.usrfiles.com/ugd/1a89c8_64a899491c75490ab3842531701b585e.pdf
  • https://static.usrfiles.com/ugd/c7ef1a_afcdc0c0a0e246a4929ab8b5ba3c7791.pdf
  • https://static.usrfiles.com/ugd/de3d83_86abb369a9c6404089f8d76a1c1bda97.pdf
  • https://static.usrfiles.com/ugd/f09a9d_f2e7b29e6f4f4955bd91f75361f1b223.pdf
  • https://static.usrfiles.com/ugd/b8c837_f28915aefff245bcae49073376a60597.pdf
  • https://static.usrfiles.com/ugd/a31856_0d7e9871435e4dc3b9262e96fce6ce4f.pdf
  • https://static.usrfiles.com/ugd/269bb8_f54acd4574534dfda050e1950aa3ea7e.pdf
  • https://static.usrfiles.com/ugd/b8c837_52b1f7723aae4e51b8b7a0f5db87dec4.pdf
  • https://static.usrfiles.com/ugd/eda9ba_5f557f57c6684f7285f0c044cda009d8.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.