Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=technology-of-machine-tools-7th-edition.pdf PDF link annotation

  • http://uncpbisdegree.com/download4.php?q=technology-of-machine-tools-7th-edition.pdfIn PDF document text
  • http://www.machautoexpo.in/In PDF document text
  • http://www.wowebook.org/In PDF document text
  • http://www.bost.es/In PDF document text
  • http://cartertools.com/In PDF document text
  • http://cembanking.com/In PDF document text
  • https://www.windpowerbigdata.com/In PDF document text
  • http://riverside-resort.net/1/tempestad-la.pdfIn PDF document text
  • http://riverside-resort.net/1/the-one-year-chronological-bible-niv.pdfIn PDF document text
  • http://riverside-resort.net/1/solution-manual-fluid-mechanics-kundu.pdfIn PDF document text
  • http://riverside-resort.net/1/toyota-estima-wiring-diagrams.pdfIn PDF document text
  • http://riverside-resort.net/1/tb415cs-trimmer-owners-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/technics-owners-manuals.pdfIn PDF document text
  • http://riverside-resort.net/1/the-brief-penguin-handbook-4th-edition.pdfIn PDF document text
  • http://riverside-resort.net/1/the-macro-economy-today.pdfIn PDF document text
  • http://riverside-resort.net/1/toyota-land-cruiser-76.pdfIn PDF document text
  • http://riverside-resort.net/1/suzuki-outboard-maintenance-schedule.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://www.amazon.com/Manufacturing-Engineering-Technology-Serope-Kalpakjian/dp/0133128741In PDF document text
  • https://www.amazon.com/Engineering-Transportation-Books/b?ie=UTF8&node=173507In PDF document text
  • https://www.amazon.com/Engineering-Professional-Technical-Books/b?ie=UTF8&node=173515In PDF document text
  • http://www.citationmachine.net/In PDF document text
  • https://en.wikipedia.org/wiki/Outline_of_prehistoric_technologyIn PDF document text
  • http://www.calvin.edu/library/knightcite/In PDF document text
  • https://www.gartner.com/it-glossary/business-intelligence-bi/In PDF document text
  • https://abcnews.go.com/technologyIn PDF document text
  • https://www.economist.com/technology-quarterly/2017-05-01/languageIn PDF document text
  • https://www.packtpub.com/packt/offers/free-learning/In PDF document text
  • https://www.packtpub.com/packt/offers/free-learningIn PDF document text
  • http://www.informit.com/imprint/index.aspx?st=61090In PDF document text
  • https://www.txdot.gov/inside-txdot/division/information-technology/engineering-software.htmlIn PDF document text
  • https://en.wikipedia.org/wiki/Drum_machineIn PDF document text
  • http://www.bartleby.com/In PDF document text
  • https://support.symantec.com/en_US/article.TECH106775.htmlIn PDF document text
  • http://www.dailymail.co.uk/sciencetech/article-2198013/Paralympics-2012-How-technology-transforming-Games.htmlIn PDF document text
  • https://www.bls.gov/ooh/In PDF document text
  • https://www.amazon.com/i7-7820HK-GeForce-1070-8GB-Overclocked-Windows/dp/B01NBOE95PIn PDF document text
  • https://www.amazon.com/Notebooks-Laptop-Computers/b?ie=UTF8&node=565108In PDF document text
  • https://www.amazon.com/Traditional-Laptop-Computers/b?ie=UTF8&node=13896615011In PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
  • http://kk.org/In PDF document text
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.