Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=h%2526r+block+coupons+2020

  • http://files.inolytix.com/uploads/1/3/1/3/131380539/f2c6b3aa.pdf
  • http://files.cutsbyvantilburg.com/uploads/1/3/0/8/130874204/e953d7af1f.pdf
  • http://files.pamelatraynor.com/uploads/1/3/1/4/131406498/rivawap.pdf
  • http://files.armstrongfamilylaw.com/uploads/1/3/0/7/130740264/daluwo_xarugawive.pdf
  • https://91ea5430-bbe0-4f48-8b45-e19c9076f95b.filesusr.com/ugd/bfbc46_d5177f44508d4b18b0b1a10a2b0486e9.pdf?index=true
  • https://fe5d0dee-2d02-44d6-9c2e-9c43774ec9d9.filesusr.com/ugd/3b0c81_11dc47eaafcc486cbd6157b42c83c75c.pdf?index=true
  • https://d992dad3-3c44-4073-8b6a-1f77b28b4c93.filesusr.com/ugd/3d7af5_759a7ccf792c4eeda552485f98070532.pdf?index=true
  • https://7a1d8b4d-70bb-4841-acbb-8c0036f8d916.filesusr.com/ugd/cdfdba_d34cac039e9a4bfaa3c4a95054bd06a7.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0464/6620/3806/files/todaxofusotusake.pdf
  • https://cdn.shopify.com/s/files/1/0429/0209/3987/files/fezobemeg.pdf
  • https://cdn.shopify.com/s/files/1/0438/4522/2557/files/d_d_trap_generator.pdf
  • https://cdn.shopify.com/s/files/1/0435/6187/7665/files/94309203686.pdf
  • https://cdn.shopify.com/s/files/1/0431/7000/5156/files/useful_business_english_phrases_email.pdf
  • https://43d11e90-c24d-4fcd-aa63-c1d3ca3f6431.filesusr.com/ugd/963627_bf57ed6117f04b4e8f4e57fbfbcf71c3.pdf?index=true
  • https://6b631b1f-615c-4b1d-adc2-e2312413a2cc.filesusr.com/ugd/ade4e6_a5191c34db0e4774bc238cf630a71e6d.pdf?index=true
  • https://b6f15398-a6b0-423b-b68b-83d6f748fe2b.filesusr.com/ugd/d6af85_91a0bde36bbe49199cd920cf6664603b.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.