Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/123?keyword=android+architecture+components+viewmodel+data+binding

  • https://cdn-cms.f-static.net/uploads/4367277/normal_5f875b9a843d9.pdf
  • https://cdn-cms.f-static.net/uploads/4366362/normal_5f872dc0d2df3.pdf
  • https://cdn-cms.f-static.net/uploads/4365642/normal_5f870c9be9686.pdf
  • https://cdn-cms.f-static.net/uploads/4365589/normal_5f883b342322d.pdf
  • https://cdn-cms.f-static.net/uploads/4366327/normal_5f871825d3537.pdf
  • https://dimaxafazeza.weebly.com/uploads/1/3/1/4/131453031/nukexifepejisox.pdf
  • https://wefejakero.weebly.com/uploads/1/3/0/8/130814310/kegagipukofefud.pdf
  • https://megadezatesaram.weebly.com/uploads/1/3/0/7/130776649/8051375.pdf
  • https://digafixi.weebly.com/uploads/1/3/0/7/130776371/zejiroku.pdf
  • https://uploads.strikinglycdn.com/files/018dc5d3-b01a-4afc-af09-61c77c1f1575/vunigamuxupagomipoliti.pdf
  • https://uploads.strikinglycdn.com/files/f02e2c41-4260-4295-8ab0-196ae6b68b16/43293685652.pdf
  • https://uploads.strikinglycdn.com/files/f6b65d78-5db3-42ca-a09f-a1fbb09d7dac/tekivojajifupajopagoj.pdf
  • https://uploads.strikinglycdn.com/files/485ab09d-bbcd-4a55-bb7e-df30a8d5ed3f/wineweriworunuxala.pdf
  • https://cdn.shopify.com/s/files/1/0498/3478/6971/files/glockstore_promo_code_november_2019.pdf
  • https://cdn.shopify.com/s/files/1/0479/1979/2294/files/zigoguxata.pdf
  • https://cdn.shopify.com/s/files/1/0428/9930/8700/files/jaco_de_bruyn_gym.pdf
  • https://cdn.shopify.com/s/files/1/0435/7039/7352/files/checkpoint_firewall_architecture.pdf
  • https://cdn.shopify.com/s/files/1/0482/7902/7867/files/native_american_families.pdf
  • https://cdn.shopify.com/s/files/1/0433/7870/4536/files/ninejug.pdf
  • https://cdn.shopify.com/s/files/1/0266/9523/7832/files/emotional_intelligence_2.0_book_study_guide.pdf
  • https://cdn.shopify.com/s/files/1/0480/2012/7903/files/android_shadow_background_drawable.pdf
  • https://cdn.shopify.com/s/files/1/0429/9853/0201/files/moonlight_lyrics_ariana_grande_chords.pdf
  • https://cdn.shopify.com/s/files/1/0266/7698/6034/files/aroma_rice_cooker_slow_cooker_food_steamer_recipes.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.