Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARM
  PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=understand-chinese-mythology-teach-yourself.pdf In PDF document text

  • http://uncpbisdegree.com/download4.php?q=understand-chinese-mythology-teach-yourself.pdfIn PDF document text
  • http://homeschoolingbible.com/should-we-teach-mythology/In PDF document text
  • http://www.livingmyths.com/In PDF document text
  • https://www.onlinecollege.org/2009/05/27/100-free-courses-to-teach-yourself-world-history/In PDF document text
  • http://www.gay-art-history.org/In PDF document text
  • http://www.mythesgrecs.com/In PDF document text
  • http://freya.theladyofthelabyrinth.com/In PDF document text
  • http://nirmukta.com/2012/07/26/jaggi-vasudev-doesnt-understand-science-or-the-nature-of-the-universe/In PDF document text
  • http://www.hipscopes.com/In PDF document text
  • http://seattlecombatives.com/?page_id=17In PDF document text
  • https://www.tera-byte.com/In PDF document text
  • http://tao-mother.org/In PDF document text
  • http://educate-yourself.org/mc/illumformula5Bchap.shtmlIn PDF document text
  • http://www.sociosite.net/topics/aging.phpIn PDF document text
  • http://www.dimension1111.com/astrology-the-moon-sign.htmlIn PDF document text
  • https://www.businessballs.com/health-and-wellbeing/dance-history-theory-benefits-dance-teaching-1724/In PDF document text
  • https://www.businessballs.com/course/In PDF document text
  • https://www.businessballs.com/health-and-wellbeing/In PDF document text
  • http://www.yinyoga.com/yin_teacher_directory.phpIn PDF document text
  • https://www.zxzxzx.info/highschool-dxd/In PDF document text
  • http://www.roerich.org/roerich-writings-shambhala.phpIn PDF document text
  • http://www.realjewnews.com/?p=642In PDF document text
  • http://edzardernst.com/2013/04/reiki-neither-plausible-nor-effective-nor-harmless/In PDF document text
  • http://riverside-resort.net/1/sony-dvd-architect-40-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/the-mcquaig-occupational-test-answers.pdfIn PDF document text
  • http://riverside-resort.net/1/the-grafters-handbook.pdfIn PDF document text
  • http://riverside-resort.net/1/solution-focused-brief-therapy-fastceus.pdfIn PDF document text
  • http://riverside-resort.net/1/takeuchi-tl-140-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/toyota-rzh-102-repair-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/title-exploring-american-histories-volume-1-a-brief-survey.pdfIn PDF document text
  • http://riverside-resort.net/1/the-a-list-a-novel.pdfIn PDF document text
  • http://riverside-resort.net/1/topics-for-an-example-paper.pdfIn PDF document text
  • http://riverside-resort.net/1/skagen-486sgsc-watches-owners-manual.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.ancient-origins.net/opinion-guest-authors/squirrel-fuzzy-messengers-ancient-underworld-little-known-archetype-mythology-021729In PDF document text
  • https://www.wikihow.com/Write-a-MythIn PDF document text
  • http://www.yourdictionary.com/articles/7th-gradeIn PDF document text
  • https://en.wikipedia.org/wiki/ConfucianismIn PDF document text
  • https://en.wikipedia.org/wiki/Yue_FeiIn PDF document text
  • https://www.commonlit.org/texts/emmett-tillIn PDF document text
  • http://www.easybib.com/In PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.