Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARM
  PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=study-guide-for-content-mastery-answer-key-earth-science.pdf In PDF document text

  • http://uncpbisdegree.com/download4.php?q=study-guide-for-content-mastery-answer-key-earth-science.pdfIn PDF document text
  • http://1645pacific.com/online/earth-science-study-guide-for-content-mastery-answer-key.pdfIn PDF document text
  • http://www.glencoe.com/sites/california/student/science/assets/pdfs/sgcm3.pdfIn PDF document text
  • http://www.shutupbill.com/pdfs/chapter-12-meteorology-study-guide-for-content-mastery-answer-key.pdfIn PDF document text
  • http://www.wsfcs.k12.nc.us/cms/lib/NC01001395/Centricity/ModuleInstance/15341/Mastery_Content_Student.pdfIn PDF document text
  • https://joomlaxe.com/document/chapter-14-study-guide-for-content-mastery-answer-key-climate.htmlIn PDF document text
  • http://new.schoolnotes.com/files/sarahbaik/GeoPacket.pdfIn PDF document text
  • http://www6.grafton.k12.wi.us/ghs/mathdept/ldean/documents/19.1.pdfIn PDF document text
  • http://msbreezeearth.weebly.com/uploads/1/0/0/8/10084583/sg_18.pdfIn PDF document text
  • http://bjerld.de/earth/science/earth_science_study_guide_for_content_mastery_answer_key.pdfIn PDF document text
  • http://uncpbisdegree.com/1/subject-verb-agreement-high-school-with-answers.pdfIn PDF document text
  • http://uncpbisdegree.com/1/tales-for-little-rebels-a-collection-of-radical-children-ap.pdfIn PDF document text
  • http://riverside-resort.net/1/user-guide-toyota-tacoma-2007-wiring-diagram.pdfIn PDF document text
  • http://riverside-resort.net/1/untitled-heaven-and-hell-2-kristen-ashley.pdfIn PDF document text
  • http://uncpbisdegree.com/1/test-question-construction-checklist.pdfIn PDF document text
  • http://riverside-resort.net/1/wolf-hall.pdfIn PDF document text
  • http://uncpbisdegree.com/1/teradyne-catalyst-rf-tester-manual.pdfIn PDF document text
  • http://uncpbisdegree.com/1/sling-promotion.pdfIn PDF document text
  • http://uncpbisdegree.com/1/survival-at-40-below.pdfIn PDF document text
  • http://uncpbisdegree.com/1/sullivan-precalculus-7th-edition-solutions.pdfIn PDF document text
  • https://joomlaxe.com/document/chapter-14-study-guide-for-contentIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://www.chegg.com/textbooks/study-guide-and-reinforcement-answer-key-glencoe-science-physical-science-with-earth-science-1st-edition-9780078725548-0078725542In PDF document text
  • https://www.amazon.com/Earth-Science-Geology-Environment-Universe/dp/0078245664In PDF document text
  • https://www.amazon.com/Education-Teaching/b?ie=UTF8&node=8975347011In PDF document text
  • https://www.amazon.com/Schools-Teaching/b?ie=UTF8&node=5267708011In PDF document text
  • https://quizlet.com/subject/study-guide-earth-science-chapter-20/In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617350In PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
  • https://www.chegg.com/textbooks/study-guide-and-reinforcementIn PDF document text
  • https://quizlet.com/subject/study-guide-earth-science-chapter-20In PDF document text
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.