MALICIOUS
Risk Score: 102
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF is flagged as malicious and uses SEO poisoning techniques to trick users into downloading a file. The document body contains multiple references to the malicious URL http://uncpbisdegree.com/download3.php?q=walk-behind-lawn-mower-repair-manual-craftsman.pdf, which is likely the gateway to a second-stage payload. No scripts were extracted, but the overall pattern suggests a phishing lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.8007
Heuristics 4
- Fake 'free download' SEO-poisoning PDF (critical, PDF_SEO_FAKE_DOWNLOAD): The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: http://uncpbisdegree.com/download3.php?q=walk-behind-lawn-mower-repair-manual-craftsman.pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005a3e.bin (17d5184baa7285e1998688c58188d44ebd7503ede9b67fc5e4fcf1ada78aa3b9) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A3E | 10292 bytes |
| font_01_sfnt_off00007aff.bin (652868fb58f73860d29aacdac894f3540f4b414c01958d27dee41f93aae3b866) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7AFF | 7136 bytes |