Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARM
  PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=the-romeo-and-juliet-code.pdf In PDF document text

  • http://uncpbisdegree.com/download4.php?q=the-romeo-and-juliet-code.pdfIn PDF document text
  • http://www.phoebestone.com/romeo.htmIn PDF document text
  • https://robloxmusic.com/codes/detail/121520-trippie-red-romeo-and-julietIn PDF document text
  • http://www.pubwire.com/DownloadDocs/PDFiles/SHAKESPR/TRAGEDY/RMEOJLET.PDFIn PDF document text
  • http://uncpbisdegree.com/1/stevenson-operations-management-theory-and-practice-11e.pdfIn PDF document text
  • http://uncpbisdegree.com/1/swan-peak-dave-robicheaux-17-james-lee-burke.pdfIn PDF document text
  • http://uncpbisdegree.com/1/test-answers-for-edgenuity-chemistry.pdfIn PDF document text
  • http://uncpbisdegree.com/1/street-triple-manual.pdfIn PDF document text
  • http://uncpbisdegree.com/1/the-arts-good-study-guide.pdfIn PDF document text
  • http://uncpbisdegree.com/1/suzuki-55-outboard-owners-manual.pdfIn PDF document text
  • http://uncpbisdegree.com/1/sullivan-statistics-4th-edition-answers.pdfIn PDF document text
  • http://riverside-resort.net/1/what-countries-are-considered-eastern-european.pdfIn PDF document text
  • http://riverside-resort.net/1/visionaire-oxygen-concentrator-manual.pdfIn PDF document text
  • http://uncpbisdegree.com/1/service-manual-for-520-jcb-loadall.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://www.amazon.com/Romeo-Juliet-Code-Phoebe-Stone/dp/0545218276In PDF document text
  • https://www.amazon.com/books-used-books-textbooks/b?ie=UTF8&node=283155In PDF document text
  • https://www.amazon.com/Childrens-Books/b?ie=UTF8&node=4In PDF document text
  • https://www.amazon.com/Literature-Childrens-Books/b?ie=UTF8&node=2966In PDF document text
  • https://www.goodreads.com/book/show/8431116-the-romeo-and-juliet-codeIn PDF document text
  • https://www.barnesandnoble.com/w/romeo-and-juliet-code-phoebe-stone/1100178236In PDF document text
  • https://www.bookbrowse.com/bb_briefs/detail/index.cfm/ezine_preview_number/5962/the-romeo-and-juliet-codeIn PDF document text
  • http://blogs.slj.com/afuse8production/2011/11/08/review-of-the-day-the-romeo-and-juliet-code-by-phoebe-stone/In PDF document text
  • https://www.kirkusreviews.com/book-reviews/phoebe-stone/romeo-and-juliet-code/In PDF document text
  • https://en.wikipedia.org/wiki/Romeo_and_JulietIn PDF document text
  • https://en.wikipedia.org/wiki/Romeo_and_Juliet#CharactersIn PDF document text
  • https://en.wikipedia.org/wiki/Romeo_and_Juliet#SynopsisIn PDF document text
  • https://en.wikipedia.org/wiki/Romeo_and_Juliet#SourcesIn PDF document text
  • https://en.wikipedia.org/wiki/Romeo_and_Juliet#Date_and_textIn PDF document text
  • https://en.wikipedia.org/wiki/Romeo_and_Juliet#Themes_and_motifsIn PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.