Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.me/wix?keyword=a+minister%2527s+manual+for+spiritual+warfare

  • https://485692d8-a040-4d02-b0ae-a59809636086.filesusr.com/ugd/2ca22b_9cefc726f5654904b80359d7223292af.pdf?index=true
  • https://268570ef-4d1f-47af-b7cb-dfd28ecefb92.filesusr.com/ugd/8da65f_51ee32abb267409383053b3f0f199965.pdf?index=true
  • https://84dbcac0-6473-4563-9db3-db3a1c5c49d3.filesusr.com/ugd/8e6e76_9083a64bece54f568d11154256cef340.pdf?index=true
  • https://603c4a1f-2ce0-492b-a0f8-107e765ceadd.filesusr.com/ugd/136d3d_c4c55c50763047ab89d29a4c8d815fd2.pdf?index=true
  • https://b54668d4-b56a-4df4-a2f6-d230530638ac.filesusr.com/ugd/9219f8_bee77f1c256c44d8b85ff3833b3b242c.pdf?index=true
  • https://b9992f50-beeb-4ad9-9c87-b0344b01f2f0.filesusr.com/ugd/c57cae_6b4566378ccd49c2a3e201a9ba840e33.pdf?index=true
  • https://accc29cf-ac7b-4d28-ad60-ef4b752da5e7.filesusr.com/ugd/9374a7_d309882e86dc4bfab499f9aebf7a721d.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0432/4386/4224/files/microsoft_wifi_direct_virtual_adapter.pdf
  • https://cdn.shopify.com/s/files/1/0463/7461/7249/files/25137921570.pdf
  • https://cdn.shopify.com/s/files/1/0433/3876/0342/files/43687732869.pdf
  • https://0752870a-291c-4ea5-944a-5fbfa2128e2f.filesusr.com/ugd/ceb2e8_4d7cd2d7a7484ae2a1e18bbddd034348.pdf?index=true
  • https://9bf281c0-ed09-4581-b0bf-9b7001f9c0a4.filesusr.com/ugd/f515ca_72ce57e2eb6d4dcd8fe57c33ad48c343.pdf?index=true
  • https://c56594cd-64c3-41a0-9b52-17a1af5cb561.filesusr.com/ugd/625844_b8bf03eba139442294767f7f776424ab.pdf?index=true
  • https://afae08ee-a88f-49f7-8106-178e52ebc24e.filesusr.com/ugd/03a576_e2892a6d011b4dc7a0dac0b6f869680f.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.