Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.club/wix?keyword=hotspot+shield+elite+4.2.5+apk+vpn+proxy+cracked+full+unlocked

  • http://lafaz.shortages.net/uploads/1/3/1/4/131437987/2918903.pdf
  • https://ab888b9d-dc70-4c4b-96b0-bbfffbdd6122.filesusr.com/ugd/3e5db3_6625136eade4432388fd535dce7268b7.pdf?index=true
  • https://9a8380fe-5ad7-4891-80cf-19cd195a6b66.filesusr.com/ugd/b77b08_1b560efa9a8a4b3bab5fa32976738496.pdf?index=true
  • https://72b311f6-6ad0-4553-8c1a-22ca14bb39eb.filesusr.com/ugd/6cabbb_6def86fad4e9418a88b4392a2ba7b990.pdf?index=true
  • https://0de9b8be-9891-46f7-840c-1e4941d0516f.filesusr.com/ugd/1c8c1e_56eefd8bcfc2466c8d557cb57aa8069a.pdf?index=true
  • https://bd5148f0-d413-4712-8388-8336042f8748.filesusr.com/ugd/2eec94_8a6fd2acfa3c4fce854d18899611684c.pdf?index=true
  • https://67080a95-82c3-4950-899d-fe02a2a26158.filesusr.com/ugd/4fb05f_cff942a5198b44f692a1ab7df20013e7.pdf?index=true
  • https://0374fd26-f12e-4785-8d59-0bcf562d47fd.filesusr.com/ugd/cdfdba_249e7a334d0440e1818290d048940d91.pdf?index=true
  • https://d034a908-ab77-42e4-b8f6-17be673493fb.filesusr.com/ugd/8a4248_5ce323d8d2af41b087ddbe0669e36d21.pdf?index=true
  • https://ea7f6f7b-ee76-4982-9ac8-70fca99af599.filesusr.com/ugd/96564c_ae73b14d109a47a0bfc81efd33e7e8dd.pdf?index=true
  • https://06ed311c-49d9-4df6-8777-07d489bca3c1.filesusr.com/ugd/9734e7_bd091d48469e4fcf8bfa11fe9314ca49.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.