Malicious PDF — malware analysis report

Static analysis result for SHA-256 ea4f5dfed53715f7…

Verdict: MALICIOUS

File type: PDF

Size: 53.0 KB
Created: 2020-09-17 01:26:13 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: d7344c7dc59a862981c1ba9d48c893af
SHA-1: b5bd90d305f518c7407647fa93a00ba9c292f902
SHA-256: ea4f5dfed53715f7461d3a7dbc768d7dba218c2f634f8f1cde3abbe9b4b7572a
Risk Score: 154

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a deceptive document body masquerading as a book chapter summary, which includes a link to a known malicious redirector. The PDF also contains a large number of links to external PDF files, likely for SEO manipulation to improve search engine ranking for malicious content. The ML classifier strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure (critical) PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies (info) PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://ttraff.club/wix?keyword=between+shades+of+gray+chapter+50+summary

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00008245.bin
  SHA-256: 6034346029d070b66c8945bf1e3361bf9b66e51a886016562e0da8bd1303f08c
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x8245
  Size: 6048 bytes

Filename: font_01_sfnt_off000096d9.bin
  SHA-256: 368442ea79c161711b8e31c194598e0c4cbc8ead00da8abe19ec95df46d1b624
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x96D9
  Size: 15380 bytes