Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=wim+hof+the+way+of+the+iceman+pdf

  • https://cdn.shopify.com/s/files/1/0431/4189/0210/files/wonimu.pdf
  • https://cdn.shopify.com/s/files/1/0431/1397/1861/files/podaxoj.pdf
  • https://cdn.shopify.com/s/files/1/0430/0151/2090/files/lolegafofe.pdf
  • https://1504bf31-ad05-4fb1-a4e4-55fc58e7a4eb.filesusr.com/ugd/d8966e_bad27a781dd445738322be08e00e1e58.pdf?index=true
  • https://34cba82b-20f3-4b94-b80b-94b5b8fc1dd2.filesusr.com/ugd/01bc73_2eb7aff073d944829b0e725fd2d17fdb.pdf?index=true
  • https://13bfa6d7-f724-44d4-b207-b7c8035ef9fc.filesusr.com/ugd/3225da_db7c5de134324905a79f790217a9dda1.pdf?index=true
  • https://cd788427-3247-4a90-88d0-61ca5283313a.filesusr.com/ugd/65b209_9ae967051f6d4573a03c9fb972edd84c.pdf?index=true
  • https://8d7c7955-bdbb-452c-b91b-f4cb6f262e71.filesusr.com/ugd/3e7897_fff77ede73504571b4856bf00a96d47c.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0433/2378/5370/files/81164111517.pdf
  • https://cdn.shopify.com/s/files/1/0431/0876/1766/files/72486390197.pdf
  • https://2c4dcff6-4e16-4ae3-b6c8-b8c06be00b06.filesusr.com/ugd/370021_3d6852ce9a95415da87818a420203529.pdf?index=true
  • https://d3816aea-ae43-45a9-90ae-47ee24af39e3.filesusr.com/ugd/02ccf7_3a16427d03144169a83c02e535ff61c6.pdf?index=true
  • https://3a5afbc6-544f-421a-a235-e86492e6e442.filesusr.com/ugd/74e905_8b2b7fe82c684127ab54c9aa048422d6.pdf?index=true
  • https://7680d92c-29c3-4b5e-85ea-5cbc27b13a9c.filesusr.com/ugd/43d598_ab3a455c57ba4c9c83533a2205398b8b.pdf?index=true
  • https://f4e09a62-2c18-4152-9b13-054e6e768703.filesusr.com/ugd/668a47_c8d60a0d12014702bffc7bae6b4d2433.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://1504bf31-ad05-4fb1-a4e4-55fc58e7a4eb.filesusr.com/

Open this report in the interactive analyzer, or submit your own file for analysis.