MALICIOUS
130
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 0.9395
Heuristics 4
-
Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOADThe ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
-
PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARMPDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://uncpbisdegree.com/download3.php?q=t4-free-wiring-diagrams.pdf In PDF document text
- http://uncpbisdegree.com/download4.php?q=t4-free-wiring-diagrams.pdfIn PDF document text
- http://www.naemotors.com/wp-content/uploads/2011/08/Single-Phase1.pdfIn PDF document text
- http://www.abcccodes.com/vw-t4-wiring-diagram-pdf/In PDF document text
- http://www.zytrax.com/tech/layer_1/cables/tech_lan.htmIn PDF document text
- http://www.rigmasterpower.com/support/support-materials/In PDF document text
- http://www.lorencook.com/PDFs/IOMs/Gemini_IOM.pdfIn PDF document text
- http://www.vwcamperguide.com/html/vw_t4_buyers_guide.htmlIn PDF document text
- http://www.autolumination.com/conversion.htmlIn PDF document text
- http://www.clubvw.org.au/oldart029In PDF document text
- http://burnscamp.org.uk/3/1/subaru-sti-2005-wiring-diagram.pdfIn PDF document text
- https://www.lsenginediy.com/ls-swaps-wiring-harness-and-wiring-guide/In PDF document text
- http://www.campervanconversion.co.uk/campervan-conversions-bookIn PDF document text
- http://www.atos.com/dam/jcr:2cba1353-6dd2-4480-ae81-60056733dddc/E120.pdfIn PDF document text
- http://www.lathes.co.uk/manuals/In PDF document text
- https://www.carlsalter.com/all-motorcycle-manuals.aspIn PDF document text
- http://www.greenspun.com/bboard/q-and-a.tcl?topic=Elevator+Problem+DiscussionIn PDF document text
- http://www.autorepairmanuals.biz/page/372807In PDF document text
- http://boatinfo.no/lib/mercruiser/manuals/mercruiser41.htmlIn PDF document text
- http://www.epanorama.net/links/tele_lan.htmlIn PDF document text
- http://www.iceweb.com.au/Ex-web/electstandards.htmIn PDF document text
- http://riverside-resort.net/1/under-the-skin-michel-faber.pdfIn PDF document text
- http://riverside-resort.net/1/tulipa-a-photographer-botanical.pdfIn PDF document text
- http://riverside-resort.net/1/solution-manual-of-managerial-finance-by-gitman.pdfIn PDF document text
- http://riverside-resort.net/1/thomas-jefferson-estate-tax.pdfIn PDF document text
- http://riverside-resort.net/1/toyota-van-1988-engine-compartment-fuse-diagram.pdfIn PDF document text
- http://riverside-resort.net/1/study-guide-for-sports-medicine.pdfIn PDF document text
- http://riverside-resort.net/1/top-notch-second-edition-unit-7.pdfIn PDF document text
- http://riverside-resort.net/1/the-reckoning-new-heroes-quantum-prophecy-3-michael-carroll.pdfIn PDF document text
- http://riverside-resort.net/1/the-last-surgeon.pdfIn PDF document text
- http://riverside-resort.net/1/title-student-solutions-manual-for-stewarts-essential.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- http://www.practicalmachinist.com/vb/south-bend-lathes/square-d-drum-switch-wiring-252154/In PDF document text
- http://www.practicalmachinist.com/vb/south-bend-lathes/In PDF document text
- http://www.qsl.net/g4wpw/date.htmlIn PDF document text
- http://www.moog.com/literature/ICD/Moog-ServoMotors-ExD_Series-Catalog-en.pdfIn PDF document text
- https://www.manualslib.com/manual/1313539/Mitsubishi-Electric-Fr-F820-00077.htmlIn PDF document text
- https://www.manualslib.com/brand/mitsubishi-electric/inverter.htmlIn PDF document text
- https://www.manualslib.com/products/Mitsubishi-Electric-Fr-F820-00077-8800001.htmlIn PDF document text
- https://en.wikipedia.org/wiki/NASCARIn PDF document text
- https://www.scribd.com/document/113104774/TM-9-2320-392-13PIn PDF document text
- http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
- http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
- https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
- http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
- http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
- https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004c07.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4C07 | 10804 bytes |
SHA-256: 5d87b77fef35add8673f6e1d71081b5c27bd60ba9ea01ee875c6f2d47f2ce624 |
|||
font_01_sfnt_off00006e48.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E48 | 7100 bytes |
SHA-256: 345c2bab96da1f163e26ed4d8e06f0586e06359c42a532a13b408e742779fa8a |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.