Malicious PDF — malware analysis report

Static analysis result for SHA-256 ca035177cdf79ded…

Verdict: MALICIOUS
File type: PDF
Size: 39.0 KB
Created: 2020-09-19 03:28:21 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: d3c070b68cb4919e1a3c09a8bd06fbd4
SHA-1: 57d5185218b65aedeeb0b556224c1192366cf749
SHA-256: ca035177cdf79deddd0a9a30e0cd58679483d81b9802755bce1b749e84114000
Risk score: 152

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a critical heuristic firing indicating a link to known malicious redirector infrastructure. Additionally, the ML classifier flagged this PDF with high confidence. The document body, though heavily obfuscated, contains the URL that triggered the malicious redirector heuristic. The presence of a large number of external PDF links, many pointing to files hosted on filesusr.com, suggests a link farm or SEO poisoning attempt, likely to obscure the malicious redirector.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs extracted:
    • https://ttraff.me/wix?keyword=dickens+of+a+christmas+spartanburg+sc
    • http://files.christaevansheath.com/uploads/1/3/1/6/131606343/noxiwurigez-numida.pdf
    • http://files.willisandsonsfuneralhm.com/uploads/1/3/2/8/132815979/kovanete.pdf
    • https://8cb515e0-5c16-460f-a991-e5771e86ad9c.filesusr.com/ugd/50988c_90f512bb2cd74ac7a800bfbf0dac6105.pdf?index=true
    • https://47d15d5b-82e7-4edd-a785-7a4975fde1db.filesusr.com/ugd/73c254_76583c1c433d43e387aa3c727d235d63.pdf?index=true
    • https://f599b4c4-75e0-41a5-a5da-a8ba03868805.filesusr.com/ugd/238140_1f3ed2c7eca943bab627b6f15615e551.pdf?index=true
    • https://644fc45a-d96d-4acf-bb47-90dc16b25ba1.filesusr.com/ugd/d1c05f_e35f657ce3054b4fab6b71fbf5fae8bb.pdf?index=true
    • https://1242d448-8f36-4cb0-adf1-861ae9a8af9a.filesusr.com/ugd/3d514e_35d37fb33e8646a4bb152a20ae3e2ae2.pdf?index=true
    • https://902ac904-624a-4681-967d-260380370189.filesusr.com/ugd/d4c4cf_0a2896153df6413e82cb2d4be3a93518.pdf?index=true
    • https://eb1556a2-b224-4a79-8acb-239e9d3422ca.filesusr.com/ugd/5cd33b_645c7424567d4058b8cb9f27a0eb08e6.pdf?index=true
    • https://4cae7137-ab93-4f70-b400-2cfd88cc659f.filesusr.com/ugd/c67d0c_465c4c6fe1574f9d9294258c2ab68f84.pdf?index=true
    • https://e98d8893-cc9e-4fdc-abb2-605b76114483.filesusr.com/ugd/c33cdb_384741bba14d4053afa0634498bd1154.pdf?index=true
    • https://fe4b244f-09ca-4288-913d-858b848d927b.filesusr.com/ugd/a43ec6_e4db50b69243479580535e8db4e96b45.pdf?index=true
    • https://5f0d3462-d2e5-422e-9d14-789b9b38aff2.filesusr.com/ugd/41f880_787c8612127446179bffbc668a3b726b.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename / Kind / Source / Size

  • font_00_sfnt_off000059d1.bin
    SHA-256: 35c8557ad918281b9ce1d7be3329010a9a6e9c0c3a35b34b9c1446d45585d906
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x59D1
    Size: 5600 bytes
  • font_01_sfnt_off00006cba.bin
    SHA-256: a5f44e7f9d28a202bceaac34d3203e9c5d75b8d8eeb8ce6ca9a3b2a59438b935
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x6CBA
    Size: 10132 bytes