Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=verizon-4g-lte-pantech-manual.pdf

  • http://uncpbisdegree.com/download4.php?q=verizon-4g-lte-pantech-manual.pdf
  • https://b3n.org/verizon-4g-lte-rural-internet/
  • http://riverside-resort.net/1/the-cornered-cat-a-womans-guide-to-concealed-carry.pdf
  • http://riverside-resort.net/1/the-farm-tom-rob-smith.pdf
  • http://riverside-resort.net/1/tennessee-medical-laboratory-board-newsletter.pdf
  • http://riverside-resort.net/1/the-sbl-handbook-of-style.pdf
  • http://riverside-resort.net/1/solutions-brigham-financial-management-brigham-11th-edition.pdf
  • http://riverside-resort.net/1/toronto-catholic-district-school-board.pdf
  • http://riverside-resort.net/1/the-giant-book-of-horror-stories.pdf
  • http://riverside-resort.net/1/true-blue-and-carreras-bride-harlequin-bestsellers.pdf
  • http://riverside-resort.net/1/the-storybook-of-legends-ever-after-high-1-shannon-hale.pdf
  • http://riverside-resort.net/1/tiered-response-ems-system.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://www.verizonwireless.com/accessories/samsung-4g-lte-network-extender-2/
  • https://www.verizonwireless.com/accessories/
  • https://www.verizonwireless.com/accessories/signal-boosters/
  • https://www.verizonwireless.com/accessories/signal-boosters/samsung/
  • https://www.verizonwireless.com/support/lg-exalt-lte/
  • https://www.verizonwireless.com/support/lg/
  • https://www.manualslib.com/manual/807315/Pantech-Uml290.html
  • https://www.manualslib.com/brand/
  • https://www.manualslib.com/brand/pantech/
  • https://www.manualslib.com/brand/pantech/modem.html
  • https://www.manualslib.com/products/Pantech-Uml290-3565861.html
  • https://en.wikipedia.org/wiki/Samsung_Galaxy_S
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409
  • https://go.microsoft.com/fwlink/?linkid=868922
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409
  • http://go.microsoft.com/fwlink/?LinkID=617297
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense

Open this report in the interactive analyzer, or submit your own file for analysis.