Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=troubleshooting-on-13hp-engine.pdf PDF link annotation

  • http://uncpbisdegree.com/download4.php?q=troubleshooting-on-13hp-engine.pdfIn PDF document text
  • http://www.spxprecision.com/honda-13-hp-engine-service-manual.pdfIn PDF document text
  • https://www.vpowerequipment.com/parts/engine-parts-carburetors/recoil-starter-261In PDF document text
  • http://www.industrialaircompressors.biz/champion-gas-diesel-air-compressorsIn PDF document text
  • http://www.buggiesgonewild.com/gas-club-car/703-1991-club-car.htmlIn PDF document text
  • http://www.buggiesgonewild.com/gas-club-car/In PDF document text
  • http://www.pccmotor.com/ind.htmlIn PDF document text
  • http://www.marineengine.com/manuals/johnson/In PDF document text
  • http://www.marineengine.com/manuals/In PDF document text
  • https://www.drpower.com/pages/content/customer-support/product-support/field-brush-mowersIn PDF document text
  • https://www.lawnsite.com/threads/honda-gx390-3600-psi-pressure-washer-starts-then-dies-every-time.362327/In PDF document text
  • https://www.lawnsite.com/categories/equipment.279/In PDF document text
  • https://www.lawnsite.com/forums/mechanic-and-repair.35/In PDF document text
  • http://www.urban-access.co.uk/searchIn PDF document text
  • http://riverside-resort.net/1/the-rhyme-reason-and-rhetoric-of-freeman-hall-jr-reverenced-reflections.pdfIn PDF document text
  • http://riverside-resort.net/1/the-christmas-plains.pdfIn PDF document text
  • http://riverside-resort.net/1/ssbn-631.pdfIn PDF document text
  • http://riverside-resort.net/1/toro-521-snowblower-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/the-greenhouse-effect-policy-implications-of-global-warning.pdfIn PDF document text
  • http://riverside-resort.net/1/the-illustrated-wrinklies-wit-and-wisdom-humorous-quotations-on-getting-on-a-bit.pdfIn PDF document text
  • http://riverside-resort.net/1/solutions-manual-for-probability-and-statistics-degroot.pdfIn PDF document text
  • http://riverside-resort.net/1/stitch-on-the-double-easy-quilt-projects-to-sew-on-the-go.pdfIn PDF document text
  • http://riverside-resort.net/1/the-citizen-volume-3.pdfIn PDF document text
  • http://riverside-resort.net/1/toyota-belta-service-manual.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://www.jackssmallengines.com/diy/small-engine-troubleshooting/In PDF document text
  • https://www.manualslib.com/manual/156502/Snapper-Coronet-Re-200-Series.htmlIn PDF document text
  • https://www.manualslib.com/brand/snapper/lawn-mower.htmlIn PDF document text
  • https://www.manualslib.com/products/Snapper-Coronet-Re-200-Series-2050237.htmlIn PDF document text
  • http://manuals.deere.com/cceomview/OMM142698_I0/Output/OMM142698_I09.htmlIn PDF document text
  • https://www.manualslib.com/manual/786639/Ferris-Hydrocut-Series.htmlIn PDF document text
  • https://www.manualslib.com/brand/ferris/lawn-mower.htmlIn PDF document text
  • https://www.manualslib.com/products/Ferris-Hydrocut-Series-3525830.htmlIn PDF document text
  • http://manuals.deere.com/cceomview/OMM142612_D7/Output/OMM142612_C09.htmlIn PDF document text
  • http://www.cubcadet.com/webapp/wcs/stores/servlet/DisplayOwnersManualList?storeId=10051&catalogId=14101&langId=-1&logoCode=01&modelNumber=13&serialNumber=In PDF document text
  • http://www.cubcadet.com/equipment/cubcadetIn PDF document text
  • https://www.gumtree.co.za/s-petrol+lawnmower/page-3/v1q0p3In PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.