Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.cc/wix?keyword=halloween+2018+theme+song

  • https://static.usrfiles.com/ugd/1cc7e8_cb21b4b7e1fd4e4f911cc76ce45ede15.pdf
  • https://static.usrfiles.com/ugd/99a8f2_85971e0681cb4259b23d2d267d616351.pdf
  • https://static.usrfiles.com/ugd/22739b_8ecadb2a877742d19a1e6223d55807ce.pdf
  • https://static.usrfiles.com/ugd/3ceeb9_cfdc3aaf20f04ff7963d3d37e33a8607.pdf
  • https://static.usrfiles.com/ugd/2e4eb4_34f4d7f6aa974cb9a364135f66b8a6c0.pdf
  • https://static.usrfiles.com/ugd/b8c837_eaf3340ce393431a8cf9bcce220e30dd.pdf
  • https://static.usrfiles.com/ugd/b8c837_f139695ee2484889a870e9f9d6725a17.pdf
  • https://static.usrfiles.com/ugd/4bb894_16215a61b87a4f0fae7e5dc9a4cb8c3d.pdf
  • https://static.usrfiles.com/ugd/3d0627_545e3de97b674563ac68d1bce78974d7.pdf
  • https://static.usrfiles.com/ugd/72b0e7_93851746c6a141fbac15a597ad2bf4d2.pdf
  • https://static.usrfiles.com/ugd/1813b3_c56480c53ffc42fd8edff7cd8234fc1f.pdf
  • https://static.usrfiles.com/ugd/429b25_0fc7ffd5de534f80a8c9d61238eb418f.pdf
  • https://static.usrfiles.com/ugd/dfb5f8_82de2d3494cf45fdb749cf4d5ecd46eb.pdf
  • https://static.usrfiles.com/ugd/b8c837_838b1f6d921a45f588b90eeb6c1afaef.pdf
  • https://cdn.shopify.com/s/files/1/0429/3338/7423/files/roragijamun.pdf
  • https://cdn.shopify.com/s/files/1/0432/2813/5592/files/jebafezo.pdf
  • https://cdn.shopify.com/s/files/1/0431/5004/9448/files/lakirepuzibaluvofiwozur.pdf
  • https://cdn.shopify.com/s/files/1/0432/9105/0137/files/68856444729.pdf
  • https://cdn.shopify.com/s/files/1/0447/0882/3193/files/bise_lahore_9th_gazette_2020.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.