Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.ru/wix?keyword=liberia+map+pdf

  • https://static.usrfiles.com/ugd/c345b0_62adf0f2a4d949a5b5d80cc60e035b62.pdf
  • https://static.usrfiles.com/ugd/c836c3_43700a33adb645c68419e2fe8dcaccb5.pdf
  • https://static.usrfiles.com/ugd/9e14ca_1d3e6c1bbae645d394b570a0125407aa.pdf
  • https://static.usrfiles.com/ugd/f103bb_6c37058daf2a44219f09ab4cfdf8a064.pdf
  • https://static.usrfiles.com/ugd/140efa_a16eb8fac1704bc2b9b983d320f09594.pdf
  • https://static.usrfiles.com/ugd/ac1638_9d3a19c7defe468fabe899a2d045e9f1.pdf
  • https://static.usrfiles.com/ugd/b8c837_00fb4376e5414629938bd228697599e9.pdf
  • https://static.usrfiles.com/ugd/71fd01_45404e39bf5745419a112dbf8933bae5.pdf
  • https://static.usrfiles.com/ugd/599026_025e1de8d3f54465b96310dc60ab5bf5.pdf
  • https://static.usrfiles.com/ugd/0d9a50_8c343d9924e84db2a23aadcd96671682.pdf
  • https://static.usrfiles.com/ugd/3eb4bd_0fa1f8d549774818818e737090de1ef1.pdf
  • https://static.usrfiles.com/ugd/7dd30d_9807fc8e7f894c21b365038264b5f325.pdf
  • https://static.usrfiles.com/ugd/fef806_51dfa7a3d9664b47b4a6aea450c7d2d4.pdf
  • https://static.usrfiles.com/ugd/a98ecc_c310605b74ff42719af65af2d0d3810c.pdf
  • https://static.usrfiles.com/ugd/b8c837_7153104b2f4e4ed4bfcd29b37267f57e.pdf
  • https://cdn.shopify.com/s/files/1/0431/2583/3884/files/dabujukipoviteri.pdf
  • https://cdn.shopify.com/s/files/1/0431/1393/9110/files/sesotho_bible_for_android.pdf
  • https://cdn.shopify.com/s/files/1/0429/2503/1590/files/coplanar_waveguide_with_ground_via.pdf
  • https://cdn.shopify.com/s/files/1/0435/5378/3957/files/lizuxolaxixovapapara.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.