Malicious PDF — malware analysis report

Static analysis result for SHA-256 091ad687cd8de144…

MALICIOUS

PDF

Size: 53.2 KB
Created: 2018-06-11 08:51:53 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
MD5: 43632a7c4b8146d27545e1c587ff8a9f
SHA-1: cea394d2d4206d4d3e430ab65ae10953704b3b21
SHA-256: 091ad687cd8de144b946a66e1d1b2da188457f020fe1a4fd64df1c208d35774b
Risk Score: 160

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of external links, many of which are disguised as educational resources, specifically Spanish workbook answers. The heuristics 'PDF_SEO_FAKE_DOWNLOAD' and 'PDF_SEO_LINK_FARM' indicate that this is an SEO-poisoning attempt to trick users into downloading a malicious file from URLs such as http://uncpbisdegree.com/download3.php?q=vista-higher-learning-spanish-workbook-answers-leccion-6.pdf. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.7285

Heuristics (4)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • PDF_SEO_FAKE_DOWNLOAD (critical): Fake 'free download' SEO-poisoning PDF
    The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://uncpbisdegree.com/download3.php?q=vista-higher-learning-spanish-workbook-answers-leccion-6.pdf
    • http://uncpbisdegree.com/download4.php?q=vista-higher-learning-spanish-workbook-answers-leccion-6.pdf
    • http://spanishclassteixeira.weebly.com/uploads/1/3/2/4/13241249/l06_answers_cuaderno_de_practica.pdf
    • http://habnix.de/vista/higher/vista_higher_learning_spanish_workbook_answers_leccion_6.pdf
    • http://riverside-resort.net/pdfs/leccion-6-vhl-answer-key.pdf
    • https://vistahigherlearning.com/
    • https://hjagroup.co.uk/books/2360a9/vista_higher_learning_spanish_workbook_answers_leccion_6_pdf.pdf
    • http://uncpbisdegree.com/download/vhlcentral-answer-key-leccion-7.pdf
    • http://uncpbisdegree.com/1/the-yellow-bird-classic-adventures.pdf
    • http://uncpbisdegree.com/1/vahid-solutions.pdf
    • http://uncpbisdegree.com/1/yamaha-majesty-yp125-r-service-manual.pdf
    • http://uncpbisdegree.com/1/the-long-mars-earth-3-terry-pratchett.pdf
    • http://uncpbisdegree.com/1/volvo-xc70-check-engine.pdf
    • http://uncpbisdegree.com/1/why-is-oklahoma-having-so-many-earthquakes-2016.pdf
    • http://uncpbisdegree.com/1/world-of-genetics-answer-key.pdf
    • http://uncpbisdegree.com/1/troubleshooting-electronic-equipment.pdf
    • http://uncpbisdegree.com/1/twelve-days-teresa-hill.pdf
    • http://uncpbisdegree.com/1/the-sunday-times-concise-crossword-book-4-bk-4.pdf
    • https://vistahigherlearning.com
    • https://hjagroup.co.uk/books/2360a9/vista_higher_learning_spanish
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://www.coursehero.com/file/13745341/Workbook-Answer-Key/
    • http://docplayer.net/31130600-Vista-higher-learning-descubre-2-workbook-answers.html
    • https://quizlet.com/subject/vista-higher-learning/
    • https://www.youtube.com/watch?v=fpW4_FPTIgo
    • https://www.youtube.com/watch?v=ltOFWIHiFgw
    • https://quizlet.com/subject/spanish-vocab-descubre-vista-higher-learning/
    • http://go.microsoft.com/fwlink/?LinkID=617350
    • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409
    • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409
    • https://go.microsoft.com/fwlink/?linkid=868922
    • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409
    • http://go.microsoft.com/fwlink/?LinkID=617297
    • https://www.coursehero.com/file/13745341/Workbook-Answer-Key
    • https://quizlet.com/subject/vista-higher-learning
    • https://quizlet.com/.../spanish-vocab-descubre-vista-higher-learning
    • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Columns: Filename, Kind, Source, Size

  • Filename: font_00_sfnt_off00007fdc.bin
    SHA-256: 83cdd196cb5d65191c7f730179b6e82af9ce5b999bf47ef416c0f55231e1e299
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x7FDC
    Size: 15436 bytes
  • Filename: font_01_sfnt_off0000ad11.bin
    SHA-256: 9e51310e75dfaa7a84898a66d23eff1e8b05a0d9f65fcacf849dcc243e98a0b9
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xAD11
    Size: 9496 bytes