Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=study-questions-for-macbeth.pdf

  • http://uncpbisdegree.com/download4.php?q=study-questions-for-macbeth.pdf
  • http://www.shakespeare-online.com/plays/macbeth/macbethresources.html
  • http://maxstudy.org/English/English
  • http://www.shakespeare-online.com/quiz/macbethquiz/macbethquiz1.html
  • http://leavingcertenglish.net/2011/11/macbeth-questions/
  • http://uncpbisdegree.com/1/wicked-poems.pdf
  • http://uncpbisdegree.com/1/trigonometry-refresh-sudoku-mathbits-answer-key.pdf
  • http://uncpbisdegree.com/1/the-letters-of-ernest-hemingway-volume-1-1907-1922-cambridge-edition.pdf
  • http://uncpbisdegree.com/1/wiring-lights-in-series.pdf
  • http://uncpbisdegree.com/1/wire-diagram-6v-ford-899.pdf
  • http://uncpbisdegree.com/1/tiene-futuro-america-latina-villegas-ensayo-economico-series.pdf
  • http://uncpbisdegree.com/1/understanding-environmental-pollution.pdf
  • http://uncpbisdegree.com/1/the-unofficial-guide-to-ethical-hacking-miscellaneous-ankit-fadia.pdf
  • http://uncpbisdegree.com/1/the-suitcase-kid-jacqueline-wilson.pdf
  • http://uncpbisdegree.com/1/vurt-jeff-noon.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.sparknotes.com/shakespeare/macbeth/study-questions/
  • https://www.gradesaver.com/macbeth
  • http://www.sparknotes.com/shakespeare/macbeth/
  • https://www.cliffsnotes.com/literature/m/macbeth/study-help/quiz
  • https://www.cliffsnotes.com/literature
  • https://www.cliffsnotes.com/literature/m/macbeth/macbeth-at-a-glance
  • https://www.gradesaver.com/macbeth/study-guide/summary
  • https://www.enotes.com/topics/macbeth
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409
  • https://go.microsoft.com/fwlink/?linkid=868922
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409
  • http://go.microsoft.com/fwlink/?LinkID=617297
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense

Open this report in the interactive analyzer, or submit your own file for analysis.