Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=tom-jones-oxford-worlds-classics.pdf

  • http://uncpbisdegree.com/download4.php?q=tom-jones-oxford-worlds-classics.pdf
  • http://www.bibme.org/
  • http://www.ljhammond.com/classics/cl3.htm
  • https://ipsum.im/
  • http://christianthinktank.com/bookabs.html
  • http://www.sciencemeetsreligion.org/resources/bibliography.html
  • http://www.stuartagency.com/client-list.html
  • http://www.oldmovieexhibition.com/
  • http://riverside-resort.net/1/the-pigeon-pair.pdf
  • http://riverside-resort.net/1/shopkins-the-ultimate-collectors-guide.pdf
  • http://riverside-resort.net/1/statistical-mechanics-mcquarrie-solutions-chapter-2.pdf
  • http://riverside-resort.net/1/the-science-of-trust-emotional-attunement-for-couples-john-m-gottman.pdf
  • http://riverside-resort.net/1/systems-understanding-aid-8th-edition-statement-of-cash-flows.pdf
  • http://riverside-resort.net/1/tb-woods-sw1-ac-inverter-manual.pdf
  • http://riverside-resort.net/1/the-lincoln-conspiracy-a-novel.pdf
  • http://riverside-resort.net/1/the-bremen-town-musicians.pdf
  • http://riverside-resort.net/1/toyota-sienna-electrical-diagram.pdf
  • http://riverside-resort.net/1/sony-cmt-nez50-owners-manual.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://en.wikipedia.org/wiki/University_of_Oxford
  • https://abcnews.go.com/entertainment
  • https://www.amazon.com/amazon-fashion/b?node=7141123011
  • https://www.telegraph.co.uk/opinion/
  • http://ancientworldonline.blogspot.com/
  • http://bmcr.brynmawr.edu/2017/
  • http://www.gutenberg.org/browse/authors/a
  • https://www.amazon.com/movies-tv-dvd-bluray/b?node=2625373011
  • https://www.rollingstone.com/music
  • https://es.wikipedia.org/wiki/Libro
  • http://www.openculture.com/free_ebooks
  • https://www.udc.es/biblioteca
  • http://www.lib.berkeley.edu/MRC/imagesafam.html
  • https://libraries.psu.edu/databases
  • https://www.psychologytoday.com/us/blog/inside-the-box/201402/thinking-outside-the-box-misguided-idea
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409
  • https://go.microsoft.com/fwlink/?linkid=868922
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409
  • http://go.microsoft.com/fwlink/?LinkID=617297
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense

Open this report in the interactive analyzer, or submit your own file for analysis.