Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.link/wix?keyword=savage+worlds+toughness+calculation

  • http://nonafe.killarabyod.com.au/uploads/1/3/1/3/131398140/16321.pdf
  • http://files.roswellnorthmusic.com/uploads/1/3/1/8/131856723/fokimu-gubetiwem-fenaxalisep-jixetekof.pdf
  • http://nefaj.fijileaks.com/uploads/1/3/2/6/132682787/5ff1ce29ca22.pdf
  • http://files.aquabydesign.co.uk/uploads/1/3/1/4/131408970/gilixutepasuromugum.pdf
  • https://debdfb44-181e-46b5-ac10-c278f960bff8.filesusr.com/ugd/d1c05f_1bfa1cd65ff746d884b7d175c5739821.pdf?index=true
  • https://fe4c9c8d-c2f2-4ae8-9e53-7eec50c502f4.filesusr.com/ugd/277b62_c70ec0c622f6463daeeacb160a2a7fc0.pdf?index=true
  • https://0b561bd9-71d7-4901-a855-a1b555beb445.filesusr.com/ugd/dc8a8e_90bf3d32d7104061955bd16486661911.pdf?index=true
  • https://5de74dab-1b64-45ee-9bfc-64076b877f63.filesusr.com/ugd/595093_68fa166ee259412b988c3ce3db34d371.pdf?index=true
  • https://90f459f5-8ad9-4e10-9f58-aac4f3c20ccf.filesusr.com/ugd/54dfea_eaf2a0985de141438a205158457d75e6.pdf?index=true
  • https://1d6efe7f-ded5-402e-a8c3-fc03b539ce30.filesusr.com/ugd/4b874d_493ff9311cad471e99eef78633559698.pdf?index=true
  • https://a05ec3c7-d6a8-4cb5-a6ce-6b4f7d1fd93e.filesusr.com/ugd/ea2c45_6c5cb13810de4c078d196f08d4473fc5.pdf?index=true
  • https://7170d7ea-6863-4b3f-93b8-6fd63f013c93.filesusr.com/ugd/d4579c_2108f4ba561b4e3fb0f88dbd0d1b4b97.pdf?index=true
  • https://cdn.shopify.com/s/files/1/0439/3503/9656/files/yowhatsapp_7._99_anti_ban_apk.pdf
  • https://cdn.shopify.com/s/files/1/0439/1511/6696/files/lcd_2004_i2c_datasheet.pdf
  • https://cdn.shopify.com/s/files/1/0435/7819/6129/files/50739658003.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://0b561bd9-71d7-4901-a855-a1b555beb445.filesusr.com/ugd/dc8a8e_90bf3d32d7104061955bd16

Open this report in the interactive analyzer, or submit your own file for analysis.