MALICIOUS
102
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains embedded URLs and heuristics indicate it is a fake download lure, specifically designed to trick users into downloading content. The document body mimics search result snippets, further supporting the SEO poisoning and fake download pretext. The primary malicious URLs identified are http://uncpbisdegree.com/download3.php?q=volume-of-solids-tesccc-answer-key.pdf and http://uncpbisdegree.com/download4.php?q=volume-of-solids-tesccc-answer-key.pdf, which are likely gateways to further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9683
Heuristics 4
-
Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOADThe ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://uncpbisdegree.com/download3.php?q=volume-of-solids-tesccc-answer-key.pdf
- http://uncpbisdegree.com/download4.php?q=volume-of-solids-tesccc-answer-key.pdf
- http://burnscamp.org.uk/4/8/eastern-psychology-buddhism-hinduism-and-taoism.pdf
- http://riverside-resort.net/1/the-abap-developers-guide-to-java.pdf
- http://riverside-resort.net/1/sony-pcv-rx600-desktops-owners-manual.pdf
- http://riverside-resort.net/1/sprints-purple-not-so-crazy-scientist.pdf
- http://riverside-resort.net/1/the-fifth-ghost-story-megapack-tm-25-classic-haunts.pdf
- http://riverside-resort.net/1/seleccion-de-cuentos.pdf
- http://riverside-resort.net/1/twice-told-tales-nathaniel-hawthorne.pdf
- http://riverside-resort.net/1/the-mean-girl-meltdown-a-sylvie-scruggs-story.pdf
- http://riverside-resort.net/1/the-diamond-cutter-buddha-on-managing-your-business-and-life-michael-roach.pdf
- http://riverside-resort.net/1/the-fighting-men-of-the-civil-war.pdf
- http://riverside-resort.net/1/suzuki-drz-400-sm-service-manual.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409
- http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409
- https://go.microsoft.com/fwlink/?linkid=868922
- http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409
- http://go.microsoft.com/fwlink/?LinkID=617297
- https://fedoraproject.org/wiki/Licensing/LiberationFontLicense
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00003430.bin85623994e7940a60beac8a7e1c1c9edbd685193799d20807e756bcd5b3211a0b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3430 | 10460 bytes |
font_01_sfnt_off00005560.bin58e4525e054d28e0546d5768cf12c9fd0472f5798381d10165d6b79e3b205040 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5560 | 6988 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.