Malicious PDF — malware analysis report

Static analysis result for SHA-256 ae48f15f3e3fcb92…

MALICIOUS

PDF

Size: 35.9 KB
Created: 2018-06-11 08:06:19 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
First seen: 2020-09-24
MD5: 9169c83aad52aa6cbf7a7657da2c06ef
SHA-1: ca8cecbe72b6070987a69e061517d6886a912f84
SHA-256: ae48f15f3e3fcb929d5bc5e8ae25a79853d4bc177cd7f123df29055430970a44
Risk score: 102

Machine Learning

  • Nyx PDF Classifier malicious score 0.9840

Heuristics (4)

  • Fake 'free download' SEO-poisoning PDF (severity: critical) PDF_SEO_FAKE_DOWNLOAD
    The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
  • Visual download / call-to-action button lure (severity: low) SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (severity: info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs (URL, then the channel that reached it):
    • http://uncpbisdegree.com/download3.php?q=shareholder-resolutions.pdf (PDF link annotation)
    • http://uncpbisdegree.com/download4.php?q=shareholder-resolutions.pdf (In PDF document text)
    • https://engagements.ceres.org/ (In PDF document text)
    • http://tricri.org/ (In PDF document text)
    • https://www.proxypreview.org/ (In PDF document text)
    • https://www.merlinentertainments.biz/shareholder-meetings (In PDF document text)
    • https://share.ca/ (In PDF document text)
    • https://www.standardlifeaberdeen.com/investors/shareholder-information (In PDF document text)
    • http://www.fouriestott.co.za/wp-content/uploads/2012/02/Newsletter-9-Resolutions-and-Authority-under-the-2008-Companies-Act.pdf (In PDF document text)
    • https://www.thetaxadviser.com/issues/2017/dec/structuring-loans-s-corp-shareholder-basis-planning-opportunities.html (In PDF document text)
    • https://evoting.karvy.com/ (In PDF document text)
    • http://www.evotingindia.com/ (In PDF document text)
    • https://www.theinvestmentassociation.org/media-centre/press-releases/2017/over-one-fifth-of-ftse-companies-listed-on-public-register.html (In PDF document text)
    • https://www.santanderaccionistaseinversores.com/4T17/index_eng.php (In PDF document text)
    • http://www.sasfin.com/ (In PDF document text)
    • http://uncpbisdegree.com/1/the-adventures-of-margery-allingham.pdf (In PDF document text)
    • http://uncpbisdegree.com/1/thai-literature-an-introduction.pdf (In PDF document text)
    • http://uncpbisdegree.com/1/shl-training-academy-talent-measurement-solutions.pdf (In PDF document text)
    • http://uncpbisdegree.com/1/the-grand-medieval-bestiary-animals-in-illuminated-manuscripts.pdf (In PDF document text)
    • http://uncpbisdegree.com/1/the-giver-answers-chapters-20-23.pdf (In PDF document text)
    • http://uncpbisdegree.com/1/study-guide-the-conservative-tide.pdf (In PDF document text)
    • http://uncpbisdegree.com/1/sony-ericsson-cybershot-k770i-manual.pdf (In PDF document text)
    • http://riverside-resort.net/1/visual-studio-create-solution.pdf (In PDF document text)
    • http://uncpbisdegree.com/1/sheffield-masters.pdf (In PDF document text)
    • http://uncpbisdegree.com/1/the-eyes-of-bayonetta-art-book-and-dvd.pdf (In PDF document text)
    • http://www.ascendercorp.com/ (In PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (In PDF document text)
    • http://www.bangkokbank.com/BangkokBank/AboutBangkokBank/InvestorRelations/InvestorRelations/ShareholderServices/Pages/ShareholderInformation.aspx (In PDF document text)
    • http://www.carrefour.com/content/shareholders-annual-meeting (In PDF document text)
    • https://www.lawdepot.com/contracts/shareholder-agreement/?loc=US (In PDF document text)
    • https://www.washingtonpost.com/news/energy-environment/wp/2017/05/31/exxonmobil-is-trying-to-fend-off-a-shareholder-rebellion-over-climate-change/ (In PDF document text)
    • https://www.investopedia.com/terms/a/agm.asp (In PDF document text)
    • http://www.cpuc.ca.gov/General.aspx?id=4137 (In PDF document text)
    • http://www.cpuc.ca.gov/egyefficiency/ (In PDF document text)
    • https://seekingalpha.com/article/4167869-synergy-pharmaceuticals-facing-shareholder-revolt-good (In PDF document text)
    • https://finance.yahoo.com/news/edited-transcript-bk-shareholder-annual-012613869.html (In PDF document text)
    • https://www.sec.gov/divisions/corpfin/cf-noaction/14a-8-incoming.shtml (In PDF document text)
    • https://www.sec.gov/rules/final/34-40018.htm (In PDF document text)
    • https://www.chevron.com/corporate-responsibility/our-approach/board-of-directors-governance-and-ethics (In PDF document text)
    • https://www.chevron.com/corporate-responsibility (In PDF document text)
    • https://www.chevron.com/corporate-responsibility/our-approach (In PDF document text)
    • https://www.theguardian.com/business/2018/apr/24/metro-bank-founder-vernon-hill-sees-off-shareholder-revolt (In PDF document text)
    • https://en.wikipedia.org/wiki/CalPERS (In PDF document text)
    • https://en.wikipedia.org/wiki/Say_on_pay (In PDF document text)
    • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409 (In PDF document text)
    • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409 (In PDF document text)
    • https://go.microsoft.com/fwlink/?linkid=868922 (In PDF document text)
    • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409 (In PDF document text)
    • http://go.microsoft.com/fwlink/?LinkID=617297 (In PDF document text)
    • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense (In PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off000051e0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x51E0 | 9976 bytes
  SHA-256: c43ae5e3420cf681d2330d7ddd91dc66def6dd8f166ca3bd4e98748f7db94a30
font_01_sfnt_off000071bc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x71BC | 6768 bytes
  SHA-256: 2be93d6765129a3807760afcba900d2d8883461c543dd1a6671a67fc5b6c89ab