Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa461a90de5e5ea0…

Verdict: MALICIOUS
File type: PDF
Size: 53.1 KB
Created: 2020-09-18 21:12:32 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0a8e68bf27103327f18d43b86978228c
SHA-1: 1dc2abc4c429e8a6e76becd6728b79a399139894
SHA-256: fa461a90de5e5ea0e53d496318461af4ba67d57fff067254e840e5336244cea3
Risk Score: 152

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a link farm and a direct link to a known malicious redirector, indicating a phishing or scam attempt. The document body, though partially corrupted, suggests a lure related to 'fdle cjis certification training manual'. The ML classifier strongly supports the malicious nature of this PDF. The primary malicious IOC is the redirector URL.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Redirector URL (primary IOC): https://ttraff.club/wix?keyword=fdle+cjis+certification+training+manual

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000924b.bin
    SHA-256: 9700754f99bc6c55a2af07a7f5c84074889ca1982cb7d4593987ca6cb5d24094
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x924B
    Size: 5372 bytes
  • Filename: font_01_sfnt_off0000a483.bin
    SHA-256: 2c231b97658af5115247be042bf92049de9fbab578f6ef220c69a2f032b692d6
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xA483
    Size: 10120 bytes