Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=unigraphics-nx7.pdf PDF link annotation

  • http://uncpbisdegree.com/download4.php?q=unigraphics-nx7.pdfIn PDF document text
  • http://designvisionaries.com/nx-8-5-training-unigraphics-nx-tutorial-3-sketch/In PDF document text
  • http://www.downcc.com/soft/299388.htmlIn PDF document text
  • http://www.kuaihou.com/s/ug7.5/In PDF document text
  • http://www.sdbeta.com/z/UGNX.htmlIn PDF document text
  • http://www.cadcam-e.com/development-tools/Open-data-exchange-sdk.aspxIn PDF document text
  • http://www.nexeo.de/In PDF document text
  • http://www.downcc.com/soft/298628.htmlIn PDF document text
  • http://www.adgroupe.com/fr/deshors-adi/In PDF document text
  • http://advancecad.edu.vn/giao-trinh-unigraphics-nx-10-tai-lieu-nx-tu-hoc-unigraphic/In PDF document text
  • http://advancecad.edu.vn/cad-cam-mien-phi/In PDF document text
  • http://www.adgroupe.com/en/In PDF document text
  • http://www.edrawingsviewer.jp/ed/faq.htmlIn PDF document text
  • http://www.kuaihou.com/soft/247911.htmlIn PDF document text
  • http://plmdojo.com/datamodel/store-drawings-teamcenter/In PDF document text
  • https://www.accretech.jp/product/measuring/cmm/files/holos.pdfIn PDF document text
  • http://riverside-resort.net/1/the-works-of-henry-david-thoreau-unknown-binding.pdfIn PDF document text
  • http://riverside-resort.net/1/t-trimpe-2002-biome-challenge-answers.pdfIn PDF document text
  • http://riverside-resort.net/1/the-beast-and-sovereign-volume-i-jacques-derrida.pdfIn PDF document text
  • http://riverside-resort.net/1/the-book-of-lost-tales-part-two-history-middle-earth-2-jrr-tolkien.pdfIn PDF document text
  • http://riverside-resort.net/1/the-emperor-of-all-maladies-siddhartha-mukherjee.pdfIn PDF document text
  • http://riverside-resort.net/1/the-magic-thread.pdfIn PDF document text
  • http://riverside-resort.net/1/suzuki-intruder-1997.pdfIn PDF document text
  • http://riverside-resort.net/1/to-dowload-teachers-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/thales-network-management-solutions.pdfIn PDF document text
  • http://riverside-resort.net/1/the-fools-tale-nicole-galland.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://www.eng-tips.com/viewthread.cfm?qid=367656In PDF document text
  • https://www.eng-tips.com/threadforum.cfm?lev3=70In PDF document text
  • https://www.eng-tips.com/threadminder.cfm?pid=561&page=1In PDF document text
  • https://www.eng-tips.com/viewthread.cfm?qid=341508In PDF document text
  • https://www.plm.automation.siemens.com/global/en/products/nx/In PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=ZH-CHS_EN&a=http%3a%2f%2fwww.downcc.com%2fsoft%2f299388.htmlIn PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=ZH-CHS_EN&a=http%3a%2f%2fwww.kuaihou.com%2fs%2fug7.5%2fIn PDF document text
  • http://www.jb51.net/softs/504323.htmlIn PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=ZH-CHS_EN&a=http%3a%2f%2fwww.jb51.net%2fsofts%2f504323.htmlIn PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=ZH-CHS_EN&a=http%3a%2f%2fwww.sdbeta.com%2fz%2fUGNX.htmlIn PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=DE_EN&a=http%3a%2f%2fwww.nexeo.de%2fIn PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=ZH-CHS_EN&a=http%3a%2f%2fwww.downcc.com%2fsoft%2f298628.htmlIn PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=FR_EN&a=http%3a%2f%2fwww.adgroupe.com%2ffr%2fdeshors-adi%2fIn PDF document text
  • http://www.baike.com/wiki/ugIn PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=ZH-CHS_EN&a=http%3a%2f%2fwww.baike.com%2fwiki%2fugIn PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=JA_EN&a=http%3a%2f%2fwww.edrawingsviewer.jp%2fed%2ffaq.htmlIn PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=ZH-CHS_EN&a=http%3a%2f%2fwww.kuaihou.com%2fsoft%2f247911.htmlIn PDF document text
  • http://soft-premium.jugem.jp/In PDF document text
  • http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=JA_EN&a=http%3a%2f%2fsoft-premium.jugem.jp%2fIn PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617350In PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text

  +5 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.