Malicious PDF — malware analysis report

Static analysis result for SHA-256 c440a55e1136b316…

Verdict: MALICIOUS
File type: PDF
Size: 42.7 KB
Created: 2020-09-20 14:15:34 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: bbacdf6f1156db07c2725d2ed1537e0a
SHA-1: b697753d2875e73bc52e1ba3e9bc1ba377fe3f07
SHA-256: c440a55e1136b316134e1a7fdc95df17330a8982b9962998346c3b2481ee220d
Risk Score: 148

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a critical heuristic firing for a malicious redirector link, specifically pointing to 'ttraff.me'. The document body, though heavily obfuscated, contains this URL and appears to be a lure related to a product search. The presence of a large number of external PDF links, many benign, suggests a link farm or SEO poisoning attempt to mask the malicious URL. The callback lure heuristic further suggests a phishing or scam attempt.

Heuristics (5)

  • PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Callback phishing phone lure (severity: medium, rule: SE_CALLBACK_LURE)
    Document asks the user to call a phone number in a billing, refund, subscription, fraud, or security context; consistent with callback phishing or tech-support scam patterns.
  • Urgency / deadline lure (severity: low, rule: SE_URGENCY_LURE)
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.); useful context, but low-signal without other findings.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Flagged URL: https://ttraff.me/wix?keyword=black+and+decker+grass+hog+xp+gh1000+type+4

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Artifact 1
  Filename: font_00_sfnt_off00006408.bin
  SHA-256: d67477b507b65366958dc03c24867ffa311ab9d13850cd8825651d7355f400f8
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x6408
  Size: 5900 bytes

Artifact 2
  Filename: font_01_sfnt_off00007832.bin
  SHA-256: ee8270a0b4bd8fe0036313da481dea87c6560fb4f498fa11382f90614dc0fbf3
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x7832
  Size: 11096 bytes