Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=serpentine-asbestos.pdf PDF link annotation

  • http://uncpbisdegree.com/download4.php?q=serpentine-asbestos.pdfIn PDF document text
  • http://www.galleries.com/SerpentineIn PDF document text
  • http://www.minerals.net/mineral/serpentine.aspxIn PDF document text
  • http://www.asbestos.org/#In PDF document text
  • http://www.clydebankasbestos.org/In PDF document text
  • https://www.wdol.gov/aam.aspxIn PDF document text
  • http://www.merryhillenvirotec.com/types-of-asbestos/In PDF document text
  • https://www.mesotheliomatreatmentcenters.org/blog/different-types-asbestos-substances/In PDF document text
  • https://www.asbestosremovalists.co.uk/asbestos-removal-cost/In PDF document text
  • http://www.madehow.com/Volume-4/Asbestos.htmlIn PDF document text
  • http://www.madehow.com/Volume-4/index.htmlIn PDF document text
  • https://www.asbestosremovalists.co.uk/what-does-asbestos-look-like/In PDF document text
  • http://www.home-air-purifier-expert.com/asbestos-msds.htmlIn PDF document text
  • https://inspectapedia.com/exterior/Asbestos_Cement_Siding_Roofing_History.phpIn PDF document text
  • https://inspectapedia.com/hazmat/Asbestos_Floor_Tile_in_UK.phpIn PDF document text
  • https://www.wshc.sg/files/wshc/upload/cms/file/2014/WSH__Guidelines_Management_and_Removal_of_Asbestos.pdfIn PDF document text
  • http://uncpbisdegree.com/1/the-bronze-coinage-of-great-britain.pdfIn PDF document text
  • http://uncpbisdegree.com/1/silke-income-tax-2013.pdfIn PDF document text
  • http://riverside-resort.net/1/vlsi-physical-design-interview-questions.pdfIn PDF document text
  • http://riverside-resort.net/1/with-the-utmost-possible-dispatch-poems-of-nelson-apos-s-navy.pdfIn PDF document text
  • http://uncpbisdegree.com/1/seiki-dvd-players-owners-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/used-books-service-manuals.pdfIn PDF document text
  • http://uncpbisdegree.com/1/tales-of-the-peerage-and-the-peasantry-vol-1.pdfIn PDF document text
  • http://riverside-resort.net/1/water-and-aqueous-systems-guided-answers-chemistry.pdfIn PDF document text
  • http://riverside-resort.net/1/vw-mk2-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/vw-golf-muffler-repair.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://en.wikipedia.org/wiki/AsbestosIn PDF document text
  • https://en.wikipedia.org/wiki/ChrysotileIn PDF document text
  • https://www.asbestos.com/states/In PDF document text
  • https://www.asbestos.com/exposure/In PDF document text
  • https://www.asbestos.com/asbestos/types/In PDF document text
  • https://www.asbestos.com/asbestos/In PDF document text
  • http://www.dictionary.com/browse/asbestosIn PDF document text
  • http://www.nyc.gov/html/dep/pdf/asbestos.pdfIn PDF document text
  • http://www.nyc.gov/html/dep/pdf/air/asbestos_rules_20110203.pdfIn PDF document text
  • https://www.epa.gov/asbestos/asbestos-laws-and-regulationsIn PDF document text
  • https://www.cdc.gov/niosh/docs/2003-154/pdfs/7402.pdfIn PDF document text
  • https://www.cancer.org/cancer/cancer-causes/asbestos.htmlIn PDF document text
  • https://www.cdc.gov/niosh/docs/2003-154/pdfs/7400.pdfIn PDF document text
  • http://www.gpo.gov/fdsys/pkg/CFR-2011-title40-vol31/pdf/CFR-2011-title40-vol31-part763-subpartE.pdfIn PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
  • https://fr.wikipedia.org/wiki/Serpentine_In PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=FR_EN&a=https%3a%2f%2ffr.wikipedia.org%2fwiki%2fSerpentine_In PDF document text

  +1 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.