Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=succeeding-in-business-with-access-answers-bing.pdf PDF link annotation

  • http://uncpbisdegree.com/download4.php?q=succeeding-in-business-with-access-answers-bing.pdfIn PDF document text
  • http://www.datagrabber.org/who-wants-to-be-a-millionaire/facebook-millionaire-final-answer-cheat-list/In PDF document text
  • http://waystoavoidscamsonline.com/wealthy-affiliate-review-my-unique-takeIn PDF document text
  • https://www.reshiftmedia.com/merge-facebook-pages-faq/In PDF document text
  • https://bellatory.com/makeup/Top-10-Reasons-To-NOT-Do-Mary-Kay-Gets-Debunked-With-Very-Little-EffortIn PDF document text
  • https://bellatory.com/makeup/In PDF document text
  • http://getbusylivingblog.com/how-ive-profited-100k-online-in-just-5-months-this-year/In PDF document text
  • http://getbusylivingblog.com/blog/In PDF document text
  • http://www.studymode.com/subjects/education-is-a-key-to-success-page1.htmlIn PDF document text
  • https://www.reliablesoft.net/what-is-search-engine-optimization-and-why-is-it-important/In PDF document text
  • http://ultralightnews.com/buz1/rtxhirt.htmlIn PDF document text
  • http://www.financialindustryscam.com/mlm.htmIn PDF document text
  • http://uncpbisdegree.com/1/solutions-for-turing-machine-problems-peter-linz.pdfIn PDF document text
  • http://uncpbisdegree.com/1/sony-srf-m85v-manual.pdfIn PDF document text
  • http://riverside-resort.net/1/women-of-the-word-how-to-study-bible-with-both-our-hearts-and-minds-jen-wilkin.pdfIn PDF document text
  • http://uncpbisdegree.com/1/software-for-comic-book-drawing.pdfIn PDF document text
  • http://uncpbisdegree.com/1/the-face-stealer-tombs-book-1.pdfIn PDF document text
  • http://uncpbisdegree.com/1/tenet-information-privacy-security-test-answers.pdfIn PDF document text
  • http://riverside-resort.net/1/waec-answers-for-may-june-2014-chemistry-practical-alternative-a-paper-3.pdfIn PDF document text
  • http://uncpbisdegree.com/1/sscboard-time-tablejuly2015.pdfIn PDF document text
  • http://riverside-resort.net/1/uvampire-izombie-2-chris-roberson.pdfIn PDF document text
  • http://riverside-resort.net/1/water-and-wastewater-technology-6th-edition-solution-manual.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://www.informationweek.com/default.aspIn PDF document text
  • https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/what-causes-error-code-0xc1900200-when-updating/c1329e77-0bd7-4f10-8eab-1ee839032250In PDF document text
  • https://www.nasdaq.com/news/In PDF document text
  • https://www.digitalcommerce360.com/internet-retailer/In PDF document text
  • http://www.sitesell.com/sbiforwp/In PDF document text
  • https://www.quora.com/Why-do-so-many-startups-failIn PDF document text
  • https://www.websitebuilderexpert.com/why-you-should-not-hire-a-website-designer/In PDF document text
  • https://www.websitebuilderexpert.com/category/website-design/In PDF document text
  • https://www.cnbc.com/politics/?redirect=1In PDF document text
  • https://en.wikipedia.org/wiki/You_TubeIn PDF document text
  • https://dengarden.com/pest-control/Bed-Bug-Extermination-ChecklistIn PDF document text
  • https://dengarden.com/pest-control/In PDF document text
  • https://dengarden.com/pest-control/bedbugs/In PDF document text
  • https://en.wikipedia.org/wiki/Bill_GatesIn PDF document text
  • https://www.onelook.com/pm/In PDF document text
  • http://firstround.com/review/17-product-managers-who-will-own-the-future-of-nyc-tech-and-the-9-frameworks-theyll-use-to-do-it/In PDF document text
  • http://www.dailymail.co.uk/tvshowbiz/article-3487738/Idris-Elba-beams-poses-mother-OBE-ceremony.htmlIn PDF document text
  • https://blogs.msdn.microsoft.com/bharry/2012/09/12/visual-studio-update-this-fall/In PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.