Malicious PDF — malware analysis report

Heuristics 5

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• PDF link to algorithmically-generated URL high PDF_RANDOM_URL_LINK
  PDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures — the visible document is only a prompt — not a PDF parser vulnerability.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=tubes-in-my-ears-my-trip-to-the-hospital.pdf PDF link annotation

  • http://uncpbisdegree.com/download4.php?q=tubes-in-my-ears-my-trip-to-the-hospital.pdfIn PDF document text
  • https://www.drgreene.com/qa-articles/swimming-ear-tubes/In PDF document text
  • https://www.medhelp.org/posts/Ear--Nose--Throat/Allergy-Eczema-in-Ears-leaking-clear-fluid/show/7468In PDF document text
  • https://www.lizsteel.com/my-recommended-very-basic-watercolour/In PDF document text
  • http://hearinglosshelp.com/blog/why-does-my-tinnitus-change-in-volume-when-i-turn-my-neck/In PDF document text
  • https://www.lizsteel.com/my-basic-palette/In PDF document text
  • http://www.carcinoidinfo.info/mystory.htmIn PDF document text
  • http://msmcclure.com/?page_id=2289In PDF document text
  • http://www.soundtherapyperth.com/testimonials.phpIn PDF document text
  • http://hearinglosshelp.com/blog/will-my-tinnitus-ever-go-away/In PDF document text
  • http://www.childofchildrens.org/body.cfm?xyzpdqabc=0&id=20&action=full_listIn PDF document text
  • http://narrative.ly/as-my-face-disappeared-so-did-my-mother-and-father/In PDF document text
  • http://www.endoflifeblog.com/2011/02/fatal-tooth-extraction.htmlIn PDF document text
  • https://healdove.com/disease-illness/MRSA_Staph_InfectionIn PDF document text
  • https://healdove.com/disease-illness/In PDF document text
  • http://www.mmsdrops.com/testimonials/In PDF document text
  • http://www.mybugbites.com/my-foot-and-sand-flea-bites/In PDF document text
  • http://www.amiraclestory.com/whole_story.htmIn PDF document text
  • http://www.southcarolinaent.com/audiologist-staff.htmlIn PDF document text
  • http://highlysensitiveperson.net/no-air-movement/In PDF document text
  • http://www.cherylstrayed.com/wild_108676.htmIn PDF document text
  • http://www.spineandneurosurgeryhospitalindia.com/neurology-procedure/ventriculoperitoneal-shunt-for-hydrocephalus.phpIn PDF document text
  • https://www.runninginaskirt.com/my-sinus-surgery-experience-advice-and-tips/In PDF document text
  • https://www.runninginaskirt.com/category/fun/In PDF document text
  • http://www.ferretcentral.org/faq/part4.htmlIn PDF document text
  • http://www.utopiastories.com/code/show_story.asp/recid/72146In PDF document text
  • https://pestkill.org/insect/beetles/carpet-bug/In PDF document text
  • http://riverside-resort.net/1/twenty-stories-from-south-asia.pdfIn PDF document text
  • http://riverside-resort.net/1/toyota-rav4-check-engine-light-vsc-and-4wd-on.pdfIn PDF document text
  • http://riverside-resort.net/1/tuto-autocad-2d-2008.pdfIn PDF document text
  • http://riverside-resort.net/1/slavery-and-secession-chapter-10-section-4.pdfIn PDF document text
  • http://riverside-resort.net/1/travel-journal-word-template.pdfIn PDF document text
  • http://riverside-resort.net/1/service-manual-2015-harley-davidson-street-glide.pdfIn PDF document text
  • http://riverside-resort.net/1/tony-hancock-a-celebration-bbc-radio-collection.pdfIn PDF document text
  • http://riverside-resort.net/1/trig-identities-worksheet-34-solutions.pdfIn PDF document text
  • http://riverside-resort.net/1/toyota-landcruiser-hj47-24v-charging-diagram.pdfIn PDF document text
  • http://riverside-resort.net/1/title-gas-lift-manual.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://www.medicinenet.com/eustachian_tube_problems/article.htmIn PDF document text
  • http://thechart.blogs.cnn.com/2012/05/24/finally-a-treatment-for-that-buzzing-in-your-ears/comment-page-2/In PDF document text
  • https://blog.klm.com/what-happens-to-your-ears-during-a-flight/In PDF document text
  • http://www.savannahnow.com/news/2017-11-25/savannah-s-willett-children-s-hospital-neonatal-intensive-care-nursery-staff-worksIn PDF document text
  • https://www.healthcentral.com/migraineIn PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text

  +1 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.