Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=the-minds-of-billy-milligan.pdf

  • http://uncpbisdegree.com/download4.php?q=the-minds-of-billy-milligan.pdf
  • http://www.astraeasweb.net/plural/milligan.html
  • https://listelist.com/billy-milligan-kimdir/
  • http://www.clinicalsocialwork.com/integration.html
  • http://www.astraeasweb.net/plural/forensic.html
  • http://www.ropermike.com/trouble/10.php
  • http://amandagreenauthor.co.uk/300-famous-people-celebrities-who-have-suffered-with-mental-illness-or-issues-help-highlight-the-stigma-in-our-society/
  • https://poemanalysis.com/the-class-game-by-mary-casey-poem-analysis/
  • https://poemanalysis.com/category/mary-casey/
  • https://poemanalysis.com/exposure-wilfred-owen-poem-analysis/
  • https://poemanalysis.com/category/wilfred-owen/
  • http://www.ropermike.com/trouble/title-index-p.php
  • http://www.sonurocks.com/sybil-the-true-story-of-a-woman-possessed-by-16-separate-personalities-english.pdf
  • http://dpsinfo.com/dps/2014.html
  • http://www.oldxaveriansfc.com/?history
  • http://www.rocklistmusic.co.uk/Never_A_Dull_Moment_1971.htm
  • http://riverside-resort.net/1/student-solutions-manual-for-contemporary-abstract-algebra-2.pdf
  • http://riverside-resort.net/1/the-history-of-freemasonry-in-virginia.pdf
  • http://riverside-resort.net/1/titan-unveiled-saturns-mysterious-moon-explored.pdf
  • http://riverside-resort.net/1/the-professional-activity-manager-and-consultant.pdf
  • http://riverside-resort.net/1/self-appraisal-questions-and-answers.pdf
  • http://riverside-resort.net/1/swimming-with-sharks-track-attack-gym-shorts.pdf
  • http://riverside-resort.net/1/the-complete-book-of-incense-oils-and-brews-llewellyns-practical-magick.pdf
  • http://riverside-resort.net/1/subsegmental-atelectasis.pdf
  • http://riverside-resort.net/1/the-promise-of-destiny-children-and-women-in-the-short-stories-of-louisa-may-alcott.pdf
  • http://riverside-resort.net/1/sharepoint-2010-user-guide.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://en.wikipedia.org/wiki/Billy_Milligan
  • https://it.wikipedia.org/wiki/Billy_Milligan
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=IT_EN&a=https%3a%2f%2fit.wikipedia.org%2fwiki%2fBilly_Milligan
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=TR_EN&a=https%3a%2f%2flistelist.com%2fbilly-milligan-kimdir%2f
  • http://criminalminds.wikia.com/wiki/Adam_Jackson
  • https://www.labirint.ru/books/495635/
  • https://www.labirint.ru/genres/2788/
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=RU_EN&a=https%3a%2f%2fwww.labirint.ru%2fbooks%2f495635%2f
  • https://ja.wikipedia.org/wiki/%E3%83%93%E3%83%AA%E3%83%BC%E3%83%BB%E3%83%9F%E3%83%AA%E3%82%AC%E3%83%B3
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=JA_EN&a=https%3a%2f%2fja.wikipedia.org%2fwiki%2f%25E3%2583%2593%25E3%2583%25AA%25E3%2583%25BC%25E3%2583%25BB%25E3%2583%259F%25E3%2583%25AA%25E3%2582%25AC%25E3%2583%25B3
  • https://ru.wikipedia.org/wiki/%CC%E8%EB%EB%E8%E3%E0%ED,_%C1%E8%EB%EB%E8
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=RU_EN&a=https%3a%2f%2fru.wikipedia.org%2fwiki%2f%25CC%25E8%25EB%25EB%25E8%25E3%25E0%25ED%2c_%25C1%25E8%25EB%25EB%25E8
  • http://www.english-for-students.com/English-Poems.html
  • https://en.wikipedia.org/wiki/List_of_songs_about_London
  • https://ru.wikipedia.org/wiki/%D0%9A%D0%B8%D0%B7,_%D0%94%D1%8D%D0%BD%D0%B8%D0%B5%D0%BB
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=RU_EN&a=https%3a%2f%2fru.wikipedia.org%2fwiki%2f%25D0%259A%25D0%25B8%25D0%25B7%2c_%25D0%2594%25D1%258D%25D0%25BD%25D0%25B8%25D0%25B5%25D0%25BB
  • http://skepdic.com/mpd.html
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409
  • https://go.microsoft.com/fwlink/?linkid=868922
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409

  +2 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.