Malicious PDF — malware analysis report

Static analysis result for SHA-256 cfc79980218f6b37…

Verdict: MALICIOUS
File type: PDF
Size: 32.8 KB
Created: 2018-06-11 08:38:50 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
First seen: 2020-08-25
MD5: e081e9641ee4c42b09ad13a1cd9f758b
SHA-1: 161fef3419f7ff51206ae7703daf99c1cdf86033
SHA-256: cfc79980218f6b37923de63e04f4a07239c2a6107ca5cd4e03407a01c64403b5
Risk score: 130

Malware Insights

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Link
  • T1204.002 User Execution: Malicious File

The PDF contains external URIs pointing to a suspicious download gateway, and a machine learning classifier flagged it as malicious. The document body includes a visual download-button lure, suggesting an attempt to trick the user into fetching a malicious file. The PDF itself carries no exploit; the risk is the linked destinations. The primary malicious URLs are http://uncpbisdegree.com/download3.php?q=the-rise-of-barack-obama.pdf and http://uncpbisdegree.com/download4.php?q=the-rise-of-barack-obama.pdf.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9340

Heuristics (4)

  • Fake 'free download' SEO-poisoning PDF (critical) PDF_SEO_FAKE_DOWNLOAD
    The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
  • PDF carries a PHP-gateway SEO-spam PDF link farm (medium) PDF_SEO_PHP_GATEWAY_LINK_FARM
    PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
  • Visual download / call-to-action button lure (low) SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); this is low-signal on its own unless other findings point to a malicious workflow.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Channel for every URL below: PDF document text
    • http://uncpbisdegree.com/download3.php?q=the-rise-of-barack-obama.pdf
    • http://uncpbisdegree.com/download4.php?q=the-rise-of-barack-obama.pdf
    • http://www.petesouza.com/gallery.html?gallery=The
    • http://www.getnetworth.com/barack-obama-net-worth/
    • http://obamaspeeches.com/E11-Barack-Obama-Election-Night-Victory-Speech-Grant-Park-Illinois-November-4-2008.htm
    • http://riverside-resort.net/1/zimsec-mathematics-paper12015-for-a-level-crisiss.pdf
    • http://riverside-resort.net/1/wintering-a-novel-of-sylvia-plath.pdf
    • http://uncpbisdegree.com/1/the-diary-novel.pdf
    • http://uncpbisdegree.com/1/taloyoak-hotel.pdf
    • http://uncpbisdegree.com/1/the-complete-guide-to-investing-in-commodity-trading-am.pdf
    • http://uncpbisdegree.com/1/solving-exponential-equation-and-inequalities-answer-key.pdf
    • http://uncpbisdegree.com/1/the-desert-caves-of-saudi-arabia.pdf
    • http://riverside-resort.net/1/useful-aptitude-test-books-for-mech-eng.pdf
    • http://riverside-resort.net/1/wii-fit-vs-wii-fit-balance-board.pdf
    • http://uncpbisdegree.com/1/study-guide-answers-physics-principles-and-problems.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://en.wikipedia.org/wiki/Barack_Obama_presidential_campaign,_2008
    • https://simple.wikipedia.org/wiki/Barack_Obama
    • https://en.wikipedia.org/wiki/Obama
    • https://www.biography.com/people/barack-obama-12782369
    • http://www.slate.com/articles/news_and_politics/cover_story/2016/03/how_donald_trump_happened_racism_against_barack_obama.html
    • http://thehill.com/blogs/blog-briefing-room/news/363555-obama-warns-of-complacency-notes-rise-of-hitler
    • https://www.snopes.com/fact-check/who-is-barack-obama/
    • http://news.gallup.com/poll/116479/barack-obama-presidential-job-approval.aspx
    • http://tvtropes.org/pmwiki/pmwiki.php/UsefulNotes/BarackObama
    • http://time.com/4616866/barack-obama-administration-look-back-history-achievements/
    • https://www.infowars.com/bombshell-barack-obama-conclusively-outed-as-cia-creation/
    • http://www.dailymail.co.uk/news/article-5157287/Obama-compares-Trump-presidency-rise-Hitler.html
    • https://www.forbes.com/sites/nathanvardi/2017/01/17/inside-the-obama-stock-markets-235-rise/
    • https://www.foreignaffairs.com/articles/asia/obama-and-asia
    • http://time.com/4950410/barack-obama-speech-bill-melinda-gates-goalkeepers/
    • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409
    • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409
    • https://go.microsoft.com/fwlink/?linkid=868922
    • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409
    • http://go.microsoft.com/fwlink/?LinkID=617297
    • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense
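The heuristics above, re-implemented as an added example (this is not the report engine's code): it applies the .php-gateway-plus-search-slug test, the call-to-action lure test and the three-signal conjunction to a constructed subset of the URLs listed in this report. The regular expressions, the thresholds, the host allowlist used to approximate "off-domain" and the sample body text are assumptions of the example, not values taken from the engine.

```python
"""Added example: the SEO-poisoning PDF heuristics from the report, as runnable checks."""
import re
from urllib.parse import parse_qs, urlparse

# Constructed input: a subset of the document-text URLs from the report above.
SAMPLE_URLS = [
    "http://uncpbisdegree.com/download3.php?q=the-rise-of-barack-obama.pdf",
    "http://uncpbisdegree.com/download4.php?q=the-rise-of-barack-obama.pdf",
    "http://uncpbisdegree.com/1/the-diary-novel.pdf",
    "http://uncpbisdegree.com/1/taloyoak-hotel.pdf",
    "http://riverside-resort.net/1/wintering-a-novel-of-sylvia-plath.pdf",
    "http://riverside-resort.net/1/wii-fit-vs-wii-fit-balance-board.pdf",
    "http://tvtropes.org/pmwiki/pmwiki.php/UsefulNotes/BarackObama",
    "http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409",
    "https://en.wikipedia.org/wiki/Obama",
    "https://www.snopes.com/fact-check/who-is-barack-obama/",
]
# Constructed input: body text carrying a call-to-action lure (wording is hypothetical).
SAMPLE_TEXT = "The Rise of Barack Obama\n\nClick here to download the full PDF\n"

# A server-side .php handler as a path segment: /download3.php?... or /pdf.php/<slug>.pdf
GATEWAY_RE = re.compile(r"/[\w-]+\.php(?=[/?]|$)")
# A multi-word search-phrase slug ending in .pdf; '-', '+' or ' ' separate the words
# (parse_qs has already turned '+' into ' ' in query values).
SLUG_RE = re.compile(r"(?:^|/)[a-z0-9]+(?:[-+ ][a-z0-9]+)+\.pdf$", re.I)
CTA_RE = re.compile(r"\b(?:click\s+here\s+to\s+download|download\s+now|free\s+download)\b", re.I)


def is_php_gateway_slug(url: str) -> bool:
    """True if url is a .php gateway whose path tail or a query value names a search-phrase .pdf."""
    p = urlparse(url)
    if not GATEWAY_RE.search(p.path):
        return False
    tail = p.path.split(".php", 1)[1]
    values = [v for vals in parse_qs(p.query).values() for v in vals]
    return any(SLUG_RE.search(c) for c in [tail] + values)


def is_direct_doc_slug(url: str) -> bool:
    """True for a directly hosted hyphenated-slug .pdf: the same link-farm shape, but no .php gateway."""
    path = urlparse(url).path
    return bool(SLUG_RE.search(path)) and not GATEWAY_RE.search(path)


def cta_lure(text: str):
    """Return the first call-to-action phrase found in the document text, or None."""
    m = CTA_RE.search(text)
    return m.group(0) if m else None


def assess(urls, text, ml_score, *, ml_threshold=0.5, farm_threshold=4, trusted_hosts=()):
    """Apply the report's four heuristics and return [(rule_id, severity), ...].

    'Off-domain' is approximated by an allowlist of hosts the caller trusts (assumption);
    ml_threshold and farm_threshold are illustrative values, not the report engine's."""
    trusted = {h.lower() for h in trusted_hosts}
    gateways = [u for u in urls
                if is_php_gateway_slug(u) and (urlparse(u).hostname or "").lower() not in trusted]
    lure = cta_lure(text)
    findings = []
    if urls:
        findings.append(("EMBEDDED_URL", "info"))          # extracted URLs alone are not a detection
    if lure:
        findings.append(("SE_DOWNLOAD_BUTTON", "low"))     # low-signal on its own
    if len(gateways) >= farm_threshold:
        findings.append(("PDF_SEO_PHP_GATEWAY_LINK_FARM", "medium"))
    # The critical verdict needs all three signals; any one of them alone is not enough.
    if ml_score >= ml_threshold and lure and gateways:
        findings.append(("PDF_SEO_FAKE_DOWNLOAD", "critical"))
    return findings


if __name__ == "__main__":
    for rule, sev in assess(SAMPLE_URLS, SAMPLE_TEXT, ml_score=0.9340):
        print(f"{sev:<8} {rule}")
    print("gateway links:", sum(map(is_php_gateway_slug, SAMPLE_URLS)),
          "direct slug links:", sum(map(is_direct_doc_slug, SAMPLE_URLS)))
```

On the URLs reproduced in this report the gateway test matches only the two download*.php links; the ten /1/<slug>.pdf links are the directly hosted form of the same link farm, which the example counts separately because the report's rule is defined on .php gateways. The pmwiki.php and go.microsoft.com links show why the slug requirement matters: a .php handler or a query string by itself is not the pattern.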

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size | SHA-256
font_00_sfnt_off000045cb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x45CB | 10208 bytes | e196be5539ce3f80ea0d6962b87667245f251cc32f0b200f3f866f4480bee51e
font_01_sfnt_off0000664b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x664B | 6896 bytes | 8f82af8f49483fd0246d45bff4b86612b669074220cebd52791846cbb585d2b8
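How font streams like the two above can be carved and hashed, as an added example that is not the analysis tool's code: it locates stream objects, inflates FlateDecode data, finds sfnt headers and sizes each font from its table directory before hashing it. The PDF buffer and the font it runs on are constructed fixtures, and the simplified stream parsing (a direct /Length only, no indirect objects or filter chains) is an assumption of the example.

```python
"""Added example: carving sfnt (TrueType/OpenType) font streams out of a PDF and hashing them."""
import hashlib
import re
import struct
import zlib

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO")   # TrueType, Apple TrueType, CFF OpenType
# Simplified: a stream dictionary with a direct /Length, then the 'stream' keyword.
STREAM_RE = re.compile(rb"/Length\s+(\d+)[^>]*>>\s*stream\r?\n", re.S)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sfnt(tables: dict) -> bytes:
    """Constructed test fixture: a minimal sfnt container holding the given {tag: bytes} tables.
    It has a valid table directory but is not a usable font."""
    n = len(tables)
    header = struct.pack(">IHHHH", 0x00010000, n, 0, 0, 0)
    records, data = b"", b""
    for tag, body in tables.items():
        records += struct.pack(">4sIII", tag, 0, 12 + 16 * n + len(data), len(body))
        data += body + b"\0" * (-len(body) % 4)       # table data is 4-byte aligned
    return header + records + data


def sfnt_length(buf: bytes, off: int):
    """Length of the sfnt at buf[off:], derived from its table directory; None if it is not one."""
    if off + 12 > len(buf):
        return None
    num_tables = struct.unpack_from(">H", buf, off + 4)[0]
    if not 0 < num_tables < 64:
        return None
    dir_end = 12 + 16 * num_tables
    end = dir_end
    for i in range(num_tables):
        rec = off + 12 + 16 * i
        if rec + 16 > len(buf):
            return None
        tag, _csum, toff, tlen = struct.unpack_from(">4sIII", buf, rec)
        # Tags are printable ASCII and table data follows the directory; rejecting anything
        # else keeps a stray 'true' in PDF syntax from turning into a bogus carve.
        if not all(32 <= c < 127 for c in tag) or toff < dir_end:
            return None
        end = max(end, toff + tlen)
    if off + end > len(buf):
        return None
    return min(off + ((end + 3) & ~3), len(buf)) - off


def carve_sfnt(buf: bytes):
    """Return [(offset, bytes)] for every structurally valid sfnt found in buf."""
    found = []
    for magic in SFNT_MAGICS:
        i = buf.find(magic)
        while i != -1:
            length = sfnt_length(buf, i)
            if length:
                found.append((i, buf[i:i + length]))
            i = buf.find(magic, i + 1)
    return sorted(found)


def carve_from_pdf(pdf: bytes):
    """Inflate every stream (FlateDecode when possible, raw otherwise) and carve fonts from it."""
    results = []
    for m in STREAM_RE.finditer(pdf):
        start, raw = m.end(), pdf[m.end():m.end() + int(m.group(1))]
        try:
            data = zlib.decompress(raw)
        except zlib.error:
            data = raw
        for off, font in carve_sfnt(data):
            results.append({"stream_offset": start, "offset": off, "size": len(font),
                            "sha256": sha256_hex(font), "data": font})
    return results


def make_sample_pdf(font: bytes) -> bytes:
    """Constructed: a minimal PDF-like buffer with the font in a FlateDecode stream (not viewer-valid)."""
    body = zlib.compress(font)
    return (b"%PDF-1.4\n1 0 obj\n<< /Length " + str(len(body)).encode()
            + b" /Filter /FlateDecode /Length1 " + str(len(font)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    sample = make_sample_pdf(build_sfnt({b"head": b"\0" * 10, b"name": b"abc"}))
    for r in carve_from_pdf(sample):
        print(f"sfnt at stream {r['stream_offset']:#x}+{r['offset']}: {r['size']} bytes, sha256 {r['sha256']}")
```

Sizing the carve from the table directory rather than from the stream's /Length or /Length1 is the point: a font that was appended to, truncated, or stuffed with trailing data hashes differently depending on where the carve stops, so the boundary should come from the sfnt structure itself. Embedded fonts are almost always Flate-compressed in the file, which is why the scan runs over the inflated stream and not over the raw bytes.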