Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=vw-golf-mk1-haynes.pdf

  • http://uncpbisdegree.com/download4.php?q=vw-golf-mk1-haynes.pdf
  • http://volkswagenownersclub.com/vw/showthread.php/26779-Disconnecting-battery-dire-consequences
  • https://www.autostyle.co.za/rubber-mudflaps-to-fit-vw-golf-mk7-set-of-4.html
  • http://www.oldclassiccar.co.uk/freeads_make/vw.htm
  • https://www.autostyle.co.za/gel-mag-decal-24654.html
  • http://www.volkswagenclub.net/model/vw-volkswagen-golf-12
  • http://www.volkswagenforum.co.uk/showthread.php?t=11467
  • http://uk-mkivs.net/topic/2672-clutch-pedal-swap-out-repair/
  • http://uk-mkivs.net/forum/50-diy-guides-and-how-to-instructions/
  • http://www.clubdediagramas.com/archivo/autos-a12/
  • http://uk-mkivs.net/topic/50427-pd-vac-line-simplification-n18-n239-valve-delete/
  • http://www.motoringbox.com/search-index/
  • https://suomenbrittifordkerho.net/markkinavoimat.php
  • http://riverside-resort.net/1/winter-at-valley-forge-facts.pdf
  • http://uncpbisdegree.com/1/the-battle-of-berlin-summary.pdf
  • http://uncpbisdegree.com/1/the-cubies-abc.pdf
  • http://riverside-resort.net/1/waece-answer-for-mathematics.pdf
  • http://riverside-resort.net/1/unleash-your-true-potential-diviniti-diviniti-diviniti-divinity.pdf
  • http://riverside-resort.net/1/your-office-microsoft-excel-comprehensive.pdf
  • http://riverside-resort.net/1/wind-power-poems.pdf
  • http://uncpbisdegree.com/1/southern-silk-road-in-the-footsteps-of-sir-aurel-stein-and-sven-hedin.pdf
  • http://uncpbisdegree.com/1/student-electromagnetic-fields-gizmo-answer-key.pdf
  • http://uncpbisdegree.com/1/sony-home-safety-product-user-manual.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://www.gumtree.com/p/volkswagen/-superb-2009-new-shape-vw-golf-2.0-tdi-s-timing-belt-done.-low-miles-76k-/1279084308
  • https://www.gumtree.co.za/s-mazda+323/page-6/v1q0p6
  • https://pl.wikipedia.org/wiki/Volkswagen_Garbus
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=PL_EN&a=https%3a%2f%2fpl.wikipedia.org%2fwiki%2fVolkswagen_Garbus
  • https://www.scribd.com/document/159031141/Astra-Fault-Codes
  • https://en.wikipedia.org/wiki/Mini
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409
  • https://go.microsoft.com/fwlink/?linkid=868922
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409
  • http://go.microsoft.com/fwlink/?LinkID=617297
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense

Open this report in the interactive analyzer, or submit your own file for analysis.