Malicious PDF — malware analysis report

Static analysis result for SHA-256 c628bc92408b6192…

MALICIOUS

PDF

Size: 49.1 KB
Created: 2020-09-01 04:37:46 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c730e6e42db1a69aac6360afb60d30d2
SHA-1: 0d64f06adadc9853bed1d122c84f0cc3151fdcc3
SHA-256: c628bc92408b61929a795be2c450fc7ee200e0f5f5c5ecc296263118920e5c37
Risk score: 152

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file contains embedded links that redirect to a malicious URL, identified by the 'PDF_MALICIOUS_REDIRECTOR_LINK' heuristic. The 'ML_NYX_PDF_MALICIOUS' heuristic also flagged the file with high confidence. The document body, though heavily obfuscated, contains a URL that appears to be a lure for printable sheets, suggesting a social engineering tactic. The presence of numerous external PDF links further supports a link farm or redirection strategy.

Machine Learning

  • Nyx PDF Classifier: malicious (score 1.0000)

Heuristics (4)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://ttraff.me/wix?keyword=cursive+alphabet+printable+sheets
    • https://static.usrfiles.com/ugd/b5aed9_f95c1dcfa7e945c38574823ad622dc4a.pdf
    • https://static.usrfiles.com/ugd/eb5a6a_562bf92441e5438a8aeea1878390df39.pdf
    • https://static.usrfiles.com/ugd/3d0627_bd270cf963d94ab2a1ff9e6767526daa.pdf
    • https://static.usrfiles.com/ugd/b8c837_d2e4ea4c537e4aed807f9165405a8193.pdf
    • https://static.usrfiles.com/ugd/3ceeb9_9ac30412dc43461e9de5c785586b9b61.pdf
    • https://static.usrfiles.com/ugd/eaf48f_fb2e212336484b53b395c71e37e0e811.pdf
    • https://static.usrfiles.com/ugd/b8c837_870f38f1880f485db65ace1972aabca5.pdf
    • https://static.usrfiles.com/ugd/0adedf_6a4fefc9e0ba42c99a2167dd5e2cd84b.pdf
    • https://static.usrfiles.com/ugd/05900a_b43cd6e4c71e480398e1fcb66d837954.pdf
    • https://static.usrfiles.com/ugd/b8c837_acc9de464a35427b99cb71e95afca048.pdf
    • https://static.usrfiles.com/ugd/dc8a8e_4c8ed21ec21248c58640bc8ac31d8479.pdf
    • https://static.usrfiles.com/ugd/fb5067_3f60d0694baf4259810d91eb48949cc3.pdf
    • https://static.usrfiles.com/ugd/b8c837_ec7a96251c714a79ae3c8e2f5075f113.pdf
    • https://static.usrfiles.com/ugd/7c30af_fa93cd3e8b7043588e228b9cba18ab36.pdf
    • https://static.usrfiles.com/ugd/c345b0_cc6a8811aeff415ab2b56428c0677302.pdf
    • https://static.usrfiles.com/ugd/b8c837_a86d8827fcc54690a3be15e679b07105.pdf
    • https://static.usrfiles.com/ugd/eda9ba_e7839a9aa5924d3b940f3dea38735396.pdf
    • https://static.usrfiles.com/ugd/b8c837_eb7b9ff53afe4665843893c2008d0bbc.pdf
    • https://static.usrfiles.com/ugd/9e53d4_92d59219d9544948a28c6e4157f5cb48.pdf
    • https://static.usrfiles.com/ugd/29c71c_d3fd645ccc8a43a89cf75f65c6502506.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                       Kind             Source                                      Size
font_00_sfnt_off00008237.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x8237   5012 bytes
  SHA-256: 8f8b90a402ac0b10ea3e6c381389fd15076f6237dee7daae1a33a769e09b151d
font_01_sfnt_off00009335.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x9335   10452 bytes
  SHA-256: 9b4e9e0106f85b6fcaa3e6cf2e8971e2b449f698dad506f316737da40e574a8e