Malicious PDF — malware analysis report

Heuristics 4

• PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINK
  PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=trout-and-salmon-flies-of-ireland.pdf

  • http://uncpbisdegree.com/download4.php?q=trout-and-salmon-flies-of-ireland.pdf
  • https://www.troutline.ro/trout-salmon-flies-of-ireland-8637
  • http://irelandflyfishing.com/the-fishing/
  • https://www.anglebooks.com/trout-and-salmon-flies-of-ireland-by-peter-o-reilly-39255.html
  • https://thetroutspot.com/blogs/fishing-reports
  • https://www.thetroutspot.com/collections/fly-tying
  • https://www.thetroutspot.com/collections/body-material-rubber-legs
  • https://www.thetroutspot.com/collections/caddis-nymph-flies
  • http://riverside-resort.net/1/suzuki-burgman-150-user-manual.pdf
  • http://riverside-resort.net/1/the-doctors-secret-bride-kindle-edition-ana-e-ross.pdf
  • http://riverside-resort.net/1/transgressing-the-modern-explorations-in-the-western-experience-of-otherness.pdf
  • http://riverside-resort.net/1/tennis-lingo.pdf
  • http://riverside-resort.net/1/table-that-summarize-respiration.pdf
  • http://riverside-resort.net/1/suzuki-lt-700-manual.pdf
  • http://riverside-resort.net/1/the-choosing-blood-and-brotherhood-1-jeremy-laszlo.pdf
  • http://riverside-resort.net/1/service-repair-manual-suzuki-ltz-2006.pdf
  • http://riverside-resort.net/1/sony-srf-46-radios-owners-manual.pdf
  • http://riverside-resort.net/1/ss2-question-paper-2018.pdf
  • https://www.anglebooks.com/trout-and-salmon-flies-of-ireland-by
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://www.amazon.com/Trout-Salmon-Flies-Ireland-OReilly/dp/1873674198
  • https://www.amazon.com/books-used-books-textbooks/b?ie=UTF8&node=283155
  • https://www.amazon.com/Sports-Books/b?ie=UTF8&node=26
  • https://www.amazon.com/Winter-Sports-Books/b?ie=UTF8&node=16676
  • https://www.goodreads.com/book/show/3376462-trout-and-salmon-flies-of-ireland
  • https://www.amazon.com/product-reviews/1873674198
  • https://www.amazon.com/Trout-Salmon-Flies-Ireland-OReilly/product-reviews/1873674198
  • https://174115855.r.bat.bing.com/?ld=d3yYWgq6UX0AP9O0PQlBY3ZjVUCUxV-mO7M-eYIVs5NFGFNI26a_PRIBSJELY9ZlEwlfC3i9KvzdruMzqvZJLgGZxLQEu86mFeiCGj2QrVSgxG3TWNepZ7tWbVpF9AjIm1nVxlCbBldJSlCiFmIkiFUPS0pU04uu0MpWMRDeB0czS9OD1E&u=http%3a%2f%2fwww.thetroutspot.com
  • https://157104623.r.bat.bing.com/?ld=d3covmjwHEBYRl0OsOw2H0UzVUCUyJddyR8tPRtvSEmjqvwe-IZtQ2OpuG5fe0dAJDdLG1iN0dIz-vMybG99V3miShAwipukkLK3A8_mLYpxGoN3rVr-8HlJ-fKBF_Ig6Y65RFBK3j_dkF0TzINip9IqeneBbx_2T4YuQEZqWSFtHcv22c&u=https%3a%2f%2fwww.guardengine.com%2fge13%2fsearch%2fweb%3ffcoid%3d417%26fcop%3dtopnav%26fpid%3d27%26q%3dTrout%2520Flies%2520Ireland%26msclkid%3d%7bmsclkid%7d
  • https://46119975.r.bat.bing.com/?ld=d3iYwiZjvAo9KZkvlUvqfnrDVUCUwohuUhDaQgFe_kAP2rz2FaO9zd7vhQVp69B38vD-CBZA6Czmeir63_rYSWvNqeJoE1Q5B99b8ZNJZp4ltuMDgF479rfKJjtoAkzTUtB_ml2NaglIZSClIrG3_lIpBsBgIky0cebbekE_LZXW0vshuO&u=http%3a%2f%2fwww.zapmetasearch.com%2fws%3fq%3dsalmon%2520flies%2520patterns%26asid%3dzm_us_ba_6_cg1_07%26de%3dc
  • http://choice.microsoft.com
  • http://go.microsoft.com/fwlink/?LinkID=617350
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409
  • https://go.microsoft.com/fwlink/?linkid=868922
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409
  • http://go.microsoft.com/fwlink/?LinkID=617297
  • https://www.goodreads.com/book/show/3376462-trout-and-salmon-flies
  • https://www.amazon.com/Trout-Salmon-Flies-Ireland-OReilly/product
  • https://38002592.r.bat.bing.com/?ld=d3LUxFKCfZ99Yzg4lyD_zI8zVUCUyweqn1T1BTH0LNfGsjibbOyyWSGGnwxravWilxH3Xw_BBbGxQMm19fvOElqyhSrYBAPkovbwRh9VzoVAJ6ZUI5Pad1JFNlv3U4UaA7MVpiG8OWrBEUsvAMfWoKi9mvOKzH_2At2eM4hzwPjxuMUr-2&u=http%3a%2f%2fclickserve.dartsearch.net%2flink%2fclick%3flid%3d43700027170615812%26ds_s_kwgid%3d58700003410122656%26%26ds_e_adid%3d75316548119232%26%26ds_url_v%3d2%26ds_dest_url%3dhttps%3a%2f%2fwww.aerlingus.com%2fhtml%2fen-CA%2fhome.html%3f%26utm_source%3dbing%26utm_medium%3dcpc%26utm_campaign%3dSearch%2520-%2520US%2520-%2520Non-Brand%2520-%2520TA%257CCA%257CIE%257CCountry%257CGeneric%2520-%2520Ireland%2520-%2520BMM%26utm_term%3d%252Bfly%2520%252Bto%2520%252Bireland%26utm_content%3dDA%257CGeneric_Ireland
  • https://38002592.r.bat.bing.com/?ld=d36GI-hv7luLwpyCpATDMrFjVUCUzmLyKZ4QQUETWX-RMW6gQRF_Vie313Px737I-OxwCYxw2GXGec18YYnxAhbSgeSTZgFiN4NdywqpCVyDqrqyTXZgdOf0Tv_ANgxvVOHP7zAuug4QCksqLmvJeCRNeGgwMc2P3LM5Mza78ZYI3__8GV&u=http%3a%2f%2fclickserve.dartsearch.net%2flink%2fclick%3flid%3d43700027170615812%26ds_s_kwgid%3d58700003410122656%26ds_x_adxid%3d83700000919911128%26ds_x_adxtype%3d1%26ds_e_adid%3d75316548119232%26%26ds_url_v%3d2%26ds_dest_url%3dhttps%3a%2f%2fwww.aerlingus.com%2fplan-and-book%2flatest-offers%2fflights-from-usa%2fsmart-chooses-aer-lingus%2f%3futm_source%3dbing%26utm_medium%3dppc_sitelink%26utm_campaign%3direland%23%2f0%26utm_source%3dbing%26utm_medium%3dcpc%26utm_campaign%3dSearch%2520-%2520US%2520-%2520Non-Brand%2520-%2520TA%257CCA%257CIE%257CCountry%257CGeneric%2520-%2520Ireland%2520-%2520BMM%26utm_term%3d%252Bfly%2520%252Bto%2520%252Bireland%26utm_content%3dDA%257CGeneric_Ireland
  • https://38002592.r.bat.bing.com/?ld=d3mZV9B7igOlySv9686KiRkTVUCUylcreFI0qkXEwOnhrykcJ9_RT31T0bUZ9BEs8AmNpZianWiTfW0k3hOelZ5M0XsXS0Y9t81xDkEoapJWOv9uJOk3JoVPqs8glN8YUEUNIVVncmjV_r35YYN-fDqYevCGfenAD8aOaXs9njan-Z55VZ&u=http%3a%2f%2fclickserve.dartsearch.net%2flink%2fclick%3flid%3d43700027170615812%26ds_s_kwgid%3d58700003410122656%26ds_x_adxid%3d83700000919911140%26ds_x_adxtype%3d1%26ds_e_adid%3d75316548119232%26%26ds_url_v%3d2%26ds_dest_url%3dhttps%3a%2f%2fwww.aerlingus.com%2fplan-and-book%2flatest-offers%2fflights-from-usa%2fsaver-fares%26utm_source%3dbing%26utm_medium%3dcpc%26utm_campaign%3dSearch%2520-%2520US%2520-%2520Non-Brand%2520-%2520TA%257CCA%257CIE%257CCountry%257CGeneric%2520-%2520Ireland%2520-%2520BMM%26utm_term%3d%252Bfly%2520%252Bto%2520%252Bireland%26utm_content%3dDA%257CGeneric_Ireland
  • https://0.r.bat.bing.com/?ld=d3DXXcf8tDcHSi9RG9i-RFTTVUCUzcsATnm4V-vWUNucrheZnYAcEY6Ack-gQYtq1Cmu_F32Q4AANMgeG3w5WogN59D1QrrsCwDvdgLCAFx_7wnqpXi4qXBGAyltbCPYPxfbw-DNYpEMrhRmqitHcsAav0GUeO12GeOdvtL1cYNbyPflIl&u=http%3a%2f%2ftracker.marinsm.com%2frd%3fcid%3dvkkb7e0xh0%26mkwid%3dbfrz6ntA%26pcrid%3d73392450956934%26pdv%3dc%26lp%3dhttps%3a%2f%2fwww.abebooks.com%2fservlet%2fBookDetailsPL%3fbi%3d22858200896%26cm_mmc%3dmsn-_-nonisbn-_-PLA-_-v01%2526cm_mmc%253Dmsn-_-Bing%252BUS%252BShopping-_-Ad%252Bgroup%252B%2525231-_-%7bproduct_groups%7d
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense

Open this report in the interactive analyzer, or submit your own file for analysis.