Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.com/wix?keyword=android+cardview+example+with+gridlayout

  • https://static.usrfiles.com/ugd/9e14ca_17743068dd4342dea83b5160084945fd.pdf
  • https://static.usrfiles.com/ugd/8b2c09_571c197366c44c458f303fca90adbdcd.pdf
  • https://static.usrfiles.com/ugd/136d07_e53b57a89e604103ae05fae1a31598be.pdf
  • https://static.usrfiles.com/ugd/8e1900_49b5aa88f04f48e5bd9f59e4726f2949.pdf
  • https://static.usrfiles.com/ugd/87a178_7d59cbe0a4a949ee913db8093493e491.pdf
  • https://static.usrfiles.com/ugd/735189_5546bb42a07c43099ab5cee4cd45e8b8.pdf
  • https://static.usrfiles.com/ugd/ade4e6_207d0c328d1c4dc8bcdae212a5091312.pdf
  • https://static.usrfiles.com/ugd/b8c837_1b115f2842dc46fd86c817f23cd85627.pdf
  • https://static.usrfiles.com/ugd/4d6844_14da0007765d42ff9b8ad920fd75fa94.pdf
  • https://static.usrfiles.com/ugd/b8c837_82d68c2fe8a948b0bf6390ae701f5144.pdf
  • https://static.usrfiles.com/ugd/63d3ad_697ac2d4c2194176b0ecb2fa786c6a24.pdf
  • https://static.usrfiles.com/ugd/a2e20a_5ce8acba89b946c5943ef163cff5b806.pdf
  • https://static.usrfiles.com/ugd/0a51c1_288af20f332b4c8b829b9e54c68733c3.pdf
  • https://static.usrfiles.com/ugd/6da380_b3e3ecedcd184d2eb7cdc8397724059c.pdf
  • https://static.usrfiles.com/ugd/c7a620_0ad481c5a433439a9f6b1dd5d9d987af.pdf
  • https://cdn.shopify.com/s/files/1/0427/7387/2807/files/9721323260.pdf
  • https://cdn.shopify.com/s/files/1/0428/0002/1667/files/78403385521.pdf
  • https://cdn.shopify.com/s/files/1/0437/1313/4757/files/84462129027.pdf
  • https://cdn.shopify.com/s/files/1/0434/4460/0999/files/how_to_uninstall_dropbox_on_mac.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.