Malicious PDF — malware analysis report

Static analysis result for SHA-256 990007d6c80f1312…

Verdict: MALICIOUS
File type: PDF
Size: 34.1 KB
Created: 2018-06-11 08:16:52 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
First seen: 2020-09-24
MD5: 6856ada3c98bdea29595a676c23f4762
SHA-1: 5985e1833700ea442c4158231f0ee7eb145c2711
SHA-256: 990007d6c80f1312e60fe6dd290cdbf534962aadb13e7575a4cbb7b0da189cdb
Risk score: 130

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9165

Heuristics (4)

  • Fake 'free download' SEO-poisoning PDF [critical] PDF_SEO_FAKE_DOWNLOAD
    The ML classifier flagged this PDF, AND it carries a visual download/call-to-action lure, AND it contains an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware or scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
  • PDF carries a PHP-gateway SEO-spam PDF link farm [medium] PDF_SEO_PHP_GATEWAY_LINK_FARM
    The PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-phrase document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or a numeric id, not a search-query phrase, so this is the generated SEO link-farm shape: pharma, binary-options or 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit; the risk is the linked destinations.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    The document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). On its own this is a low-signal finding unless other findings point to a malicious workflow.
  • Embedded URL info [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://uncpbisdegree.com/download3.php?q=the-million-dollar-divorce-a-novel.pdf (channel: PDF document text)
    • http://uncpbisdegree.com/download4.php?q=the-million-dollar-divorce-a-novel.pdf (channel: PDF document text)
    • https://www.physicianonfire.com/10million/ (channel: PDF document text)
    • https://kopywritingkourse.com/how-would-you-make-a-million-dollars-in-one-month/ (channel: PDF document text)
    • https://inside.com/ (channel: PDF document text)
    • http://www.antipope.org/charlie/blog-static/fiction/accelerando/accelerando.html (channel: PDF document text)
    • http://www.dailyscript.com/scripts/jurassicpark_script_final_12_92.html (channel: PDF document text)
    • http://riverside-resort.net/1/the-don-juan-papers-further-castaneda-controversies.pdf (channel: PDF document text)
    • http://riverside-resort.net/1/the-peabody-sisters-three-women-who-ignited-american-romanticism-megan-marshall.pdf (channel: PDF document text)
    • http://riverside-resort.net/1/shop-manuals-honda-gx160.pdf (channel: PDF document text)
    • http://riverside-resort.net/1/tom-sawyer-packet-answers.pdf (channel: PDF document text)
    • http://riverside-resort.net/1/the-dwarf-par-lagerkvist.pdf (channel: PDF document text)
    • http://riverside-resort.net/1/tiles-design-for-car-park.pdf (channel: PDF document text)
    • http://riverside-resort.net/1/toyota-hilux-d4d-service-manual.pdf (channel: PDF document text)
    • http://riverside-resort.net/1/the-black-and-white-handbook.pdf (channel: PDF document text)
    • http://riverside-resort.net/1/the-four-horsemen-an-international-thriller.pdf (channel: PDF document text)
    • http://riverside-resort.net/1/the-theft-of-memory-losing-my-father-one-day-at-a-time.pdf (channel: PDF document text)
    • http://www.ascendercorp.com/ (channel: PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (channel: PDF document text)
    • http://www.indiewire.com/2017/11/saddest-movies-of-the-21st-century-1201896115/# (channel: PDF document text)
    • http://mentalfloss.com/article/30243/7-ways-divorce-proof-your-marriage-statistically-speaking (channel: PDF document text)
    • http://www.pbs.org/program/retired-site/ (channel: PDF document text)
    • http://www.macleans.ca/the-heiress-the-impresario-and-the-juiciest-divorce-ever/ (channel: PDF document text)
    • https://www.forbes.com/fdc/welcome_mjx.shtml (channel: PDF document text)
    • https://www.forbes.com/sites/calebmelby/2012/03/12/how-elon-musk-became-a-billionaire-twice-over/ (channel: PDF document text)
    • https://www.washingtontimes.com/communities/ (channel: PDF document text)
    • https://www.telegraph.co.uk/money/ (channel: PDF document text)
    • https://www.marieclaire.com/sex-love/a5380/millionaire-starter-wife/ (channel: PDF document text)
    • https://abcnews.go.com/entertainment (channel: PDF document text)
    • http://www.philly.com/philly/archives/ (channel: PDF document text)
    • https://www.marketwatch.com/investing/stock/myl (channel: PDF document text)
    • https://www.marketwatch.com/tools/markets (channel: PDF document text)
    • https://www.marketwatch.com/tools/markets/stocks (channel: PDF document text)
    • https://www.marketwatch.com/tools/markets/stocks/country/united-states (channel: PDF document text)
    • http://www.dailymail.co.uk/femail/article-3865492/SEBASTIAN-SHAKESPEARE-Battle-Badminton-millions-Marquess-Worcester-s-new-love-spells-divorce.html (channel: PDF document text)
    • http://time.com/?homepage=prod-test (channel: PDF document text)
    • https://www.hollywoodreporter.com/ (channel: PDF document text)
    • http://www.chicagotribune.com/entertainment/theater/reviews/ (channel: PDF document text)
    • https://www.rollingstone.com/movies/reviews (channel: PDF document text)
    • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409 (channel: PDF document text)
    • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409 (channel: PDF document text)
    • https://go.microsoft.com/fwlink/?linkid=868922 (channel: PDF document text)
    • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409 (channel: PDF document text)
    • http://go.microsoft.com/fwlink/?LinkID=617297 (channel: PDF document text)
    • https://en.wikipedia.org/wiki/Hotel_ (channel: PDF document text)
    • https://en.wikipedia.org/wiki/Kindred_ (channel: PDF document text)
    • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense (channel: PDF document text)
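
The two SEO heuristics above state their matching logic only in prose. The Python below is an added example, not the analysis engine's own code, that implements that logic and runs it over the URLs the report lists: gateway_slug() recognises the '.php gateway plus search-phrase slug' shape in both forms the PDF_SEO_PHP_GATEWAY_LINK_FARM entry cites, link_farm_hit() applies the four-link floor, and fake_download_hit() applies the three-signal conjunction from PDF_SEO_FAKE_DOWNLOAD using the page's classifier score of 0.9165 and the SE_DOWNLOAD_BUTTON finding. Three things are assumptions of this example rather than facts from the page: a slug must have at least three words, the ML decision threshold is 0.5, and the PDF's own hosting host is unknown, so every gateway host counts as off-domain unless the caller names first-party hosts. Among the document-text URLs listed above only the two uncpbisdegree.com links have the gateway shape, so the link-farm count comes out below four on these lines; the rule counts clickable links, and the list labels every URL by the document-text channel only, so that count cannot be reproduced from this page alone.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Constructed input: the URLs the report extracted from document text,
# abridged to the two gateway links plus a handful of the benign decoy links.
SAMPLE_URLS = [
    "http://uncpbisdegree.com/download3.php?q=the-million-dollar-divorce-a-novel.pdf",
    "http://uncpbisdegree.com/download4.php?q=the-million-dollar-divorce-a-novel.pdf",
    "https://www.physicianonfire.com/10million/",
    "http://riverside-resort.net/1/shop-manuals-honda-gx160.pdf",
    "https://www.forbes.com/fdc/welcome_mjx.shtml",
    "http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409",
    "https://fedoraproject.org/wiki/Licensing/LiberationFontLicense",
]

# A "search-phrase" slug: three or more words joined by '-', '+' or space and
# ending in .pdf. The three-word floor is this example's assumption; the
# report only says "multi-word".
SLUG_RE = re.compile(r"([a-z0-9]+(?:[-+ ][a-z0-9]+){2,})\.pdf$", re.I)


def gateway_slug(url):
    """If url targets a .php gateway carrying a phrase-style .pdf slug, return
    (slug, where) with where in {"path", "query"}; otherwise return None."""
    p = urlparse(url)
    idx = p.path.lower().find(".php")
    if idx < 0:
        return None                      # not a PHP gateway at all
    # Form 1: slug appended to the path, e.g. pdf.php/<slug>.pdf
    tail = unquote(p.path[idx + 4:]).lstrip("/")
    m = SLUG_RE.search(tail)
    if m:
        return m.group(1), "path"
    # Form 2: slug in a query value, e.g. download3.php?q=<slug>.pdf
    # (parse_qs already turns '+' into spaces, which SLUG_RE accepts)
    for values in parse_qs(p.query).values():
        for v in values:
            m = SLUG_RE.search(v)
            if m:
                return m.group(1), "query"
    return None


def gateway_links(urls):
    """All (url, slug, where) triples that match the gateway+slug shape."""
    out = []
    for u in urls:
        hit = gateway_slug(u)
        if hit:
            out.append((u, hit[0], hit[1]))
    return out


def link_farm_hit(urls, min_links=4):
    """PDF_SEO_PHP_GATEWAY_LINK_FARM: four or more gateway+slug links."""
    hits = gateway_links(urls)
    return len(hits) >= min_links, hits


def fake_download_hit(urls, ml_score, has_cta, first_party_hosts=frozenset(),
                      ml_threshold=0.5):
    """PDF_SEO_FAKE_DOWNLOAD: ML flagged AND a CTA lure AND at least one
    off-domain gateway link whose query string names the document payload.
    first_party_hosts is the set of hosts the PDF itself is served from; the
    report does not state one, so the caller supplies it (empty means unknown,
    and every gateway host counts as off-domain). ml_threshold is assumed."""
    if ml_score < ml_threshold or not has_cta:
        return False
    for u, _slug, where in gateway_links(urls):
        host = (urlparse(u).hostname or "").lower()
        if where == "query" and host not in first_party_hosts:
            return True
    return False


if __name__ == "__main__":
    farm, hits = link_farm_hit(SAMPLE_URLS)
    for u, slug, where in hits:
        print(f"gateway link ({where}): {u} -> slug '{slug}'")
    print("link-farm rule fires:", farm)
    print("fake-download rule fires:",
          fake_download_hit(SAMPLE_URLS, ml_score=0.9165, has_cta=True))
```

Run stand-alone it prints the two gateway links with their slugs; the fake-download rule fires on the conjunction and goes quiet as soon as any one of the three signals is removed, which is the false-positive control the critical finding describes.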

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                     Size
font_00_sfnt_off00004bf3.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x4BF3  10192 bytes
    SHA-256: 35d30c8a1bf5bfe5f5367e29f85a028d6d822757c58dce5a77e6fa48ef9685b4
font_01_sfnt_off00006c67.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x6C67  6304 bytes
    SHA-256: c9006924acfd3860dd18c255b489a987ce4ec6f4bf1e9e22d81a1e4198272d17
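
The artifacts table gives an offset, a size and a SHA-256 for each carved font stream. As an added example, not the analysis engine's own carver, the Python below does the same job on a PDF: it walks every stream object, inflates /FlateDecode streams, keeps those whose payload opens with an sfnt magic (TrueType 00 01 00 00, 'true', 'OTTO' or 'ttcf') and reports offset, size and hash. build_sample_pdf() constructs a minimal two-stream PDF inline so the block runs offline; the "font" in it is only the magic plus filler, not a real font. The offset it reports is where the raw stream bytes begin in the file and the size is the inflated length; the page does not say which convention its table uses, so when you re-carve the real sample compare both the raw and the decoded figures.

```python
import hashlib
import re
import zlib

# sfnt container magics: TrueType, Apple 'true', OpenType/CFF, TrueType collection
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf")

# 'stream' keyword followed by EOL; the lookbehind keeps 'endstream' from matching
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n")
LENGTH_RE = re.compile(rb"/Length\s+(\d+)")


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def carve_sfnt_fonts(pdf):
    """Return one dict per stream whose decoded payload starts with an sfnt
    magic: offset of the raw stream bytes, raw (on-disk) size, decoded size
    and SHA-256 of the decoded payload."""
    found = []
    pos = 0
    while True:
        m = STREAM_RE.search(pdf, pos)
        if not m:
            break
        start = m.end()
        # The stream dictionary sits between this object's 'N G obj' header
        # and the 'stream' keyword; pull /Length and /Filter from it.
        hdr = pdf.rfind(b"obj", 0, m.start())
        sdict = pdf[hdr:m.start()] if hdr >= 0 else b""
        lm = LENGTH_RE.search(sdict)
        if lm:                                   # trust a direct /Length
            end = start + int(lm.group(1))
            raw = pdf[start:end]
        else:                                    # fall back to the keyword
            end = pdf.find(b"endstream", start)
            if end < 0:
                break
            raw = pdf[start:end].rstrip(b"\r\n")
        payload = raw
        if b"/FlateDecode" in sdict:
            try:
                payload = zlib.decompress(raw)
            except zlib.error:                   # corrupt or not really deflate
                pos = end
                continue
        if payload[:4] in SFNT_MAGICS:
            found.append({
                "offset": start,
                "raw_size": len(raw),
                "size": len(payload),
                "sha256": sha256_hex(payload),
            })
        pos = end
    return found


def build_sample_pdf():
    """Constructed input: a minimal PDF with one FlateDecode font stream whose
    payload opens with the TrueType magic, plus one plain page-content stream.
    Returns (pdf_bytes, font_payload, compressed_font)."""
    font = b"\x00\x01\x00\x00" + b"\x00" * 60 + b"FAKE-SFNT-TABLE-DATA" * 8
    comp = zlib.compress(font)
    content = b"BT /F1 12 Tf 72 700 Td (hello) Tj ET"
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /Length %d /Filter /FlateDecode /Length1 %d >>\nstream\n"
        % (len(comp), len(font)) + comp + b"\nendstream",
        b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream",
    ]
    pdf = b"%PDF-1.4\n"
    for num, body in enumerate(objs, 1):
        pdf += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    pdf += b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    return pdf, font, comp


if __name__ == "__main__":
    sample, _, _ = build_sample_pdf()
    for hit in carve_sfnt_fonts(sample):
        print("sfnt at offset 0x%04X  raw %d bytes  decoded %d bytes  sha256 %s"
              % (hit["offset"], hit["raw_size"], hit["size"], hit["sha256"]))
```

The carver trusts a direct /Length when the dictionary has one and only falls back to scanning for the endstream keyword otherwise, because compressed font data can legitimately contain that byte sequence; it does not resolve indirect /Length references or object streams, which a real sample may use.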