Malicious PDF — malware analysis report

Static analysis result for SHA-256 dc642ba3867d4d4e…

Verdict: MALICIOUS
File type: PDF

Size: 38.4 KB
Created: 2020-09-16 18:56:51 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 8d63927e2f459d3b2d965d95f748af29
SHA-1: 7eefa56557b50bf4d55c36fc688c253145b900b7
SHA-256: dc642ba3867d4d4e175d2e3641f1ee2d21d2b6970ff6c26b98574b2b84eabd23
Risk Score: 128

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains numerous links, a common tactic for SEO poisoning or redirecting users to malicious sites. One critical heuristic identified a link to known malicious redirector infrastructure, specifically `https://ttraff.club/wix?keyword=app+box+pro+apk`. Another critical heuristic flags a large number of external PDF links, suggesting a link farm. The presence of a 'download button' lure further supports the assessment that the document's purpose is to direct users to potentially harmful content.

Heuristics (4)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • https://ttraff.club/wix?keyword=app+box+pro+apk
    • https://d12b36ab-8644-4dc1-b413-a13d82a6d7bd.filesusr.com/ugd/89064d_e3b96bc8a0c444cc97cc51b57b96de49.pdf?index=true
    • https://ad4625e8-6434-4738-bef9-95675f885def.filesusr.com/ugd/35c6e2_0c087df9fba842c0b6fcb2bac0cd73e1.pdf?index=true
    • https://20b44dae-efa8-4908-84df-f6bc35aeb94e.filesusr.com/ugd/f1780b_8b623f9a634c4eec8c76f8f863d2aa11.pdf?index=true
    • https://cdn.shopify.com/s/files/1/0432/2741/4695/files/bluecoat_school_liverpool_sixth_form_open_evening.pdf
    • https://cdn.shopify.com/s/files/1/0437/1932/7896/files/63402385190.pdf
    • https://cdn.shopify.com/s/files/1/0429/6104/3605/files/winuxesewuvugerawokiw.pdf
    • https://cdn.shopify.com/s/files/1/0439/1567/3752/files/74550370898.pdf
    • https://cdn.shopify.com/s/files/1/0433/8984/5667/files/hollywood_adventure_movies_in_english.pdf
    • https://cdn.shopify.com/s/files/1/0429/3951/5039/files/31929602658.pdf
    • https://cdn.shopify.com/s/files/1/0434/1032/5671/files/xukiguloretabusoxevew.pdf
    • https://cdn.shopify.com/s/files/1/0486/3266/0136/files/siraposejawuwugi.pdf
    • https://cdn.shopify.com/s/files/1/0436/9501/4056/files/background_images_free_for_picsart.pdf
    • https://2308688d-fc44-42fd-a78c-e450c1ff8bcc.filesusr.com/ugd/a467d2_abb8e243095c4448b267a756d070b7d9.pdf?index=true
    • https://ecdce5bb-d139-460c-867c-4d5465d53e6c.filesusr.com/ugd/77941b_9cc06259a9d5427fbfaa62f3ae615f7f.pdf?index=true
    • https://0b3b94eb-f447-4362-94ca-d9e11b045a53.filesusr.com/ugd/18122d_06aabdc5495b4bdf9f7430620e3dfb2c.pdf?index=true
    • https://809a7bcf-18c5-4cab-9c49-0c413a0364f1.filesusr.com/ugd/69695d_4f91dc956c5e4d968bdb1fed4787ccca.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000057e4.bin
SHA-256: 35cda4d6d78460976f03aa3cb74b9cbafbddce7d49fcf9f7855f2a67e3c039fc
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x57E4
Size: 4864 bytes

Filename: font_01_sfnt_off00006882.bin
SHA-256: ed492ea3ce4d50db9be0b26b56196c9c45e7fe1b140bfefd1af8ac49389cc5ee
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x6882
Size: 10780 bytes