Malicious PDF — malware analysis report

Static analysis result for SHA-256 d5a10df455a3ca46…

Verdict: MALICIOUS
File type: PDF
Size: 41.2 KB
Created: 2020-09-18 03:07:28 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 1e5252664e04ffb84bf4832da17d5f4a
SHA-1: 5204169eef82bd4e51d09eba9f0d1efe87aac19d
SHA-256: d5a10df455a3ca46549c14c9167a53585e760cc0362797587227faffa0ee18d0
Risk Score: 152

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.001 User Execution: Malicious Link

A heuristic fires on a malicious redirector link in this PDF, specifically a clickable URI pointing to 'https://ttraff.club/wix?keyword=occupational+therapist+assessment+at+home'. The document body, though heavily obfuscated, carries this URL together with many other external PDF links, which is the shape of a link farm or redirection scheme rather than a citing document. The ML classifier also scores the PDF as malicious with maximum confidence. The attack pattern is a lure: the user is drawn to a malicious site under the guise of relevant information, and the document relies on that click rather than on a PDF parser vulnerability.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF links to known malicious redirector infrastructure
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, not a normal document citation pattern.
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content (a link, action or script).
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://ttraff.club/wix?keyword=occupational+therapist+assessment+at+home
    • http://files.princetonhealthandfitness.com/uploads/1/3/0/8/130814439/badideketir-dawudajirir.pdf
    • http://zanikaw.crabbycitty.com/uploads/1/3/1/3/131383609/natulufopotida-jodugoxusamud.pdf
    • http://files.mindfulserenityonline.com/uploads/1/3/0/8/130874629/pezozulaleku.pdf
    • https://2272224c-d58b-474d-be5b-ca9da301a64e.filesusr.com/ugd/4329d7_17c4b73cddad4d9c850da66842dac06e.pdf?index=true
    • https://7d66df12-0ae2-4a88-be2b-1593b51210bb.filesusr.com/ugd/8c0e65_4d7308cbd744442ab7a5459b79d77325.pdf?index=true
    • https://1ddfafa4-8a09-4f00-ba09-9e4efe681201.filesusr.com/ugd/544e7e_ff3e00b0401945378d100a6e6ac0954a.pdf?index=true
    • https://c851e752-e3b9-4866-ae21-fd2492617cae.filesusr.com/ugd/bb4607_395d720b60c548f2989944e45905d1b8.pdf?index=true
    • https://030b531a-bf5f-4764-9a6f-a95725e8ca58.filesusr.com/ugd/f0b6b3_2caeff520de147af8ac41917098259ff.pdf?index=true
    • https://cdn.shopify.com/s/files/1/0431/7901/6360/files/biderulesezifagiv.pdf
    • https://cdn.shopify.com/s/files/1/0433/3908/8027/files/movejujedofo.pdf
    • https://cdn.shopify.com/s/files/1/0433/7922/8837/files/kutepijemodupu.pdf
    • https://cdn.shopify.com/s/files/1/0433/9741/5077/files/90983865127.pdf
    • https://cdn.shopify.com/s/files/1/0427/9340/2534/files/ximiwelov.pdf
    • https://03b75820-3568-4e5c-acb0-26174584e5b4.filesusr.com/ugd/2d797c_14d122f471314c5aa81890471b3b26bf.pdf?index=true
    • https://5b12ed45-2b05-4625-b064-fe3b43db4314.filesusr.com/ugd/370021_fa405a9ae38340cbbadb1f8e2fd45e1e.pdf?index=true
    • https://956f1154-fb09-47b1-ae40-84ad043048ab.filesusr.com/ugd/89b1bc_05064832e58f404b96809851c7c56645.pdf?index=true
    • https://734efe57-d73c-49b5-a133-c49bec52ad35.filesusr.com/ugd/48bf55_bc6651b95ba94cecbba0457bc8396402.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
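To show what the two structural heuristics above (PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) actually look for, here is a small added scanner written for this page. It is not the analysis tool's own implementation: the link-farm thresholds (file size, link count, host share) are assumptions chosen for illustration, the sample PDF bytes are constructed inline on reserved .invalid hosts, and the regex-based object walk is deliberately naive so that it sees every `N G obj` definition in the file, including ones a real parser would discard through the xref table.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample (not the analysed file): a minimal PDF with five link
# annotations clustered on one host, plus an incremental update that
# redefines object "4 0" with a different /URI.  Hosts use the reserved
# .invalid TLD so nothing here resolves.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R 7 0 R 8 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://files.farm.invalid/u/1/a.pdf) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://files.farm.invalid/u/2/b.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://files.farm.invalid/u/3/c.pdf) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://files.farm.invalid/u/4/d.pdf) >> >> endobj
8 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.other.invalid/files/e.pdf) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://redirector.invalid/wix?keyword=x) >> >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def iter_objects(data):
    """Yield (num, gen, body) for every 'N G obj ... endobj' in file order."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3).strip()


def duplicate_objects(data):
    """(num, gen) -> distinct bodies, for objects defined more than once with different bytes."""
    seen = {}
    for num, gen, body in iter_objects(data):
        bodies = seen.setdefault((num, gen), [])
        if body not in bodies:
            bodies.append(body)
    return {k: v for k, v in seen.items() if len(v) > 1}


def resolve(data, policy="last"):
    """Object table as a first-wins or last-wins reader would build it."""
    table = {}
    for num, gen, body in iter_objects(data):
        if policy == "first" and (num, gen) in table:
            continue
        table[(num, gen)] = body
    return table


def uris_in(body):
    """Extract /URI string literals; only single-character escapes are unescaped."""
    return [re.sub(rb"\\(.)", rb"\1", m).decode("latin-1") for m in URI_RE.findall(body)]


def uris_by_policy(data, policy):
    return sorted(u for body in resolve(data, policy).values() for u in uris_in(body))


def link_farm(data, max_size=64 * 1024, min_links=5, min_share=0.5):
    """Assumed thresholds: a small file with many external .pdf links, most on one host.
    Runs over every definition, not the resolved table, so a duplicate body cannot hide a link."""
    pdf_uris = [u for _, _, b in iter_objects(data) for u in uris_in(b)
                if urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in pdf_uris)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(pdf_uris) if pdf_uris else 0.0
    flagged = len(data) <= max_size and len(pdf_uris) >= min_links and share >= min_share
    return {"pdf_links": len(pdf_uris), "top_host": top_host, "share": round(share, 2), "flagged": flagged}


def scan(data):
    dups = duplicate_objects(data)
    first, last = uris_by_policy(data, "first"), uris_by_policy(data, "last")
    # Severity is raised only when a duplicate carries active content (a /URI here).
    active = [k for k, bodies in dups.items() if any(uris_in(b) for b in bodies)]
    return {
        "duplicates": sorted(dups),
        "active_duplicates": sorted(active),
        "uri_diff_first_vs_last": sorted(set(first) ^ set(last)),
        "link_farm": link_farm(data),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(scan(SAMPLE_PDF), indent=2))
```

On the constructed sample, `scan` reports object `4 0` as a duplicate with active content, shows that a first-wins reader sees `a.pdf` where a last-wins reader sees the redirector URL, and flags the link farm because four of the five `.pdf` links sit on one host. Running the link-farm count over every definition rather than the resolved table is the point: a duplicate body in an incremental update must not be able to hide a link from the scanner while still reaching the user's viewer.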

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00006254.bin
    SHA-256: 67adbc7e4e4eee033948336f07c5bebfa41271487d0c7e68628181739f4d3394
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x6254
    Size: 5200 bytes
  • font_01_sfnt_off000073d0.bin
    SHA-256: af5ec134112cb21cd5217238f95872c8d17d6cea17bc5a604c658d0d9092f609
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x73D0
    Size: 10352 bytes