Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARM
  PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=soldier-2018-recruitment-form.pdf In PDF document text

  • http://uncpbisdegree.com/download4.php?q=soldier-2018-recruitment-form.pdfIn PDF document text
  • https://www.recruitmentformportal.com/nigerian-army-recruitment/In PDF document text
  • https://www.scholarinsider.com/nigerian-army-recruitment-form/In PDF document text
  • http://recruitmentresult.com/indian-army-recruitment-rally/In PDF document text
  • https://careerselection.in/jobs/army-education-havildar-recruitment-2018-2019/In PDF document text
  • http://www.currentschoolnews.com/job/nigerian-army-recruitment-form-guide/In PDF document text
  • https://www.tamilanjobs.com/perambalur-trichy-indian-army-rally-recruitment-2018-apply-online-various-soldier-posts/In PDF document text
  • https://www.basevibe.com/british-army-recruitment-2018-2019-form/In PDF document text
  • http://nevine.de/soldier/2018/soldier_2018_recruitment_form.pdfIn PDF document text
  • https://www.wifistudy.com/assam-riflesIn PDF document text
  • https://schols.com.ng/nigerian-army-77rri-recruitment-form-2018-2019-is-out-how-to-apply/In PDF document text
  • https://www.placementstore.com/indian-army-apply-online-2018/In PDF document text
  • http://riverside-resort.net/1/the-truth-about-princesses.pdfIn PDF document text
  • http://riverside-resort.net/1/smoke-in-the-sand-the-jews-of-lvov-in-the-war-years-1939-1944.pdfIn PDF document text
  • http://riverside-resort.net/1/terapiia-na-kozhnite-i-polovo-predavani-bolesti.pdfIn PDF document text
  • http://riverside-resort.net/1/trane-tcont803as32da-thermostat-installation-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/ufo-revelation-the-secret-technology-exposed.pdfIn PDF document text
  • http://riverside-resort.net/1/technical-service-bulletins-by-vin.pdfIn PDF document text
  • http://riverside-resort.net/1/toyota-vios-service-repair-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/the-rebellion-of-the-hanged.pdfIn PDF document text
  • http://riverside-resort.net/1/study-guide-answer-key.pdfIn PDF document text
  • http://riverside-resort.net/1/twelve-transgressions.pdfIn PDF document text
  • https://www.recruitmentformportal.com/nigerian-army-recruitmentIn PDF document text
  • https://www.scholarinsider.com/nigerian-army-recruitment-formIn PDF document text
  • https://careerselection.in/jobs/army-education-havildarIn PDF document text
  • https://www.tamilanjobs.com/perambalur-trichy-indian-army-rallyIn PDF document text
  • https://www.basevibe.com/british-army-recruitment-2018-2019-formIn PDF document text
  • https://schols.com.ng/nigerian-army-77rri-recruitment-form-2018In PDF document text
  • https://www.placementstore.com/indian-army-apply-online-2018In PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://www.blogarama.com/technology-blogs/334212-dailysgist-reaching-information-needs-blog/22522504-army-recruitment-application-2018-form-apply-hereIn PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617350In PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
  • https://www.blogarama.com/technology-blogs/334212-dailysgistIn PDF document text
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.