Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=volvo-penta-b20-motor.pdf

  • http://uncpbisdegree.com/download4.php?q=volvo-penta-b20-motor.pdf
  • https://www.go2marine.com/category/13677/volvo-penta-cooling-parts.html
  • http://www.scandcar.com/motortypen-volvo/
  • http://www.swedishbricks.net/faq/engb20.html
  • http://www.tomspeedmotorsport.com/32354162
  • http://www.kgtrimning.org/
  • https://www.manuals.help/document_quotation2.php
  • http://www.v-performance.com/products/printable_catalog.html
  • https://www.tinustuning.nl/
  • http://www.rodarummet.net/myra/penta.html
  • http://drevdelar.se/
  • http://www.scandcar.nl/plaatwerk-onderdelen-volvo-pv-444544445210/
  • http://www.ada.dnrpa.gov.ar/SCRIPTS/ADUBI01.IDC
  • http://www.scandcar.nl/volvo-onderdelen-webshop/
  • https://www.guloggratis.dk/sport/baade/motorbaad/q-25+fod/
  • http://www.speedhunters.com/2014/09/worlds-wildest-ford-anglia/
  • http://www.v-performance.com/products/air_fuel.html
  • http://www.carburateurwinkel.nl/
  • http://www.fcpablog.com/by-tag/
  • http://riverside-resort.net/1/tesser-a-dragon-among-us-novel-of-the-reemergence-1-chris-philbrook.pdf
  • http://riverside-resort.net/1/the-belial-library-series-2-rd-brady.pdf
  • http://riverside-resort.net/1/three-of-chinas-mighty-men.pdf
  • http://riverside-resort.net/1/understanding-australian-accounting-wiley-solutions.pdf
  • http://riverside-resort.net/1/the-burma-road-the-epic-story-of-the-china-burma-india-theater-in-world-war-ii.pdf
  • http://riverside-resort.net/1/statics-meriam-7th.pdf
  • http://riverside-resort.net/1/the-independent-expatriate.pdf
  • http://riverside-resort.net/1/the-most-advanced-and-complete-shop-refilling-solution-in.pdf
  • http://riverside-resort.net/1/studies-in-bryant-a-text-book.pdf
  • http://riverside-resort.net/1/the-big-screen-story-of-movies-and-what-they-have-done-to-us-david-thomson.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://en.wikipedia.org/wiki/Volvo_Cars
  • https://en.wikipedia.org/wiki/Volvo_Redblock_Engine
  • https://www.marktplaats.nl/z/volvo-b18.html?query=volvo
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=NL_EN&a=https%3a%2f%2fwww.marktplaats.nl%2fz%2fvolvo-b18.html%3fquery%3dvolvo%2520b18
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=NO_EN&a=http%3a%2f%2fwww.tomspeedmotorsport.com%2f32354162
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=SV_EN&a=http%3a%2f%2fwww.kgtrimning.org%2f
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=NL_EN&a=https%3a%2f%2fwww.tinustuning.nl%2f
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=SV_EN&a=http%3a%2f%2fwww.rodarummet.net%2fmyra%2fpenta.html
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=SV_EN&a=http%3a%2f%2fdrevdelar.se%2f
  • https://sv.wikipedia.org/wiki/Lista_%C3%B6ver_Volvomotorer
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=SV_EN&a=https%3a%2f%2fsv.wikipedia.org%2fwiki%2fLista_%25C3%25B6ver_Volvomotorer
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=NL_EN&a=http%3a%2f%2fwww.scandcar.nl%2fplaatwerk-onderdelen-volvo-pv-444544445210%2f
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=NL_EN&a=http%3a%2f%2fwww.scandcar.nl%2fvolvo-onderdelen-webshop%2f
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=DA_EN&a=https%3a%2f%2fwww.guloggratis.dk%2fsport%2fbaade%2fmotorbaad%2fq-25%2bfod%2f
  • https://www.trademe.co.nz/motors/boats-marine/parts-accessories/engine-parts
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=NL_EN&a=http%3a%2f%2fwww.carburateurwinkel.nl%2f
  • http://go.microsoft.com/fwlink/?LinkID=617350
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409

  +5 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.