Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARM
  PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=system-problems-and-solutions.pdf In PDF document text

  • http://uncpbisdegree.com/download4.php?q=system-problems-and-solutions.pdfIn PDF document text
  • http://www.ipripak.org/education-system-of-pakistan-issues-problems-and-solutions/In PDF document text
  • http://www.car-ignition.com/Car_Ignition_Problems/In PDF document text
  • https://mercedessource.com/problemsIn PDF document text
  • http://www.pcedcs.com/deltav-problems-and-solutions/In PDF document text
  • http://www.3dcutting.com/solutions.htmlIn PDF document text
  • http://petrowiki.org/PEH%3ADrilling_Problems_and_SolutionsIn PDF document text
  • http://www.balkanplumbing.com/sewer-line-problems-explained-solutions-advice/In PDF document text
  • http://www.militarycac.com/faqs.htmIn PDF document text
  • https://www.tsgcinc.com/In PDF document text
  • http://www.a1cesspool.com/inf-10x.info.htmlIn PDF document text
  • http://www.bba-reman.com/gb/content.aspx?content=ford_mondeo_common_problems_and_solutionsIn PDF document text
  • http://www.softwareqatest.com/qatfaq1.htmlIn PDF document text
  • http://www.autorepairkey.com/articles/head-gasket/In PDF document text
  • http://motorscootermuse.com/chinese_scooters.phpIn PDF document text
  • http://www.einfopedia.com/agriculture-problems-in-pakistan-and-their-solutions.phpIn PDF document text
  • http://www.einfopedia.com/topics/countriesIn PDF document text
  • http://cvps.solutions/In PDF document text
  • http://www.pontiacbonnevilleclub.com/forum/2000-2005-other-than-gxp/topic25362.htmlIn PDF document text
  • http://www.npd-solutions.com/va.htmlIn PDF document text
  • https://github.com/donnemartin/system-design-primerIn PDF document text
  • http://www.doggysolutions.com/In PDF document text
  • http://www.webmath.com/index4.htmlIn PDF document text
  • http://safety.assp.org/education/pre-conference-courses/In PDF document text
  • http://riverside-resort.net/1/the-harvard-biographical-dictionary-of-music.pdfIn PDF document text
  • http://riverside-resort.net/1/the-republic-of-east-la-luis-j-rodriguez.pdfIn PDF document text
  • http://riverside-resort.net/1/signalling-from-internalised-growth-factor-receptors-reprint.pdfIn PDF document text
  • http://riverside-resort.net/1/solution-manual-engineering-mechanics-dynamics-meriam-6th-edition.pdfIn PDF document text
  • http://riverside-resort.net/1/the-mason-list-kindle-edition-sd-hendrickson.pdfIn PDF document text
  • http://riverside-resort.net/1/the-law-of-trusts-8th-edition.pdfIn PDF document text
  • http://riverside-resort.net/1/suck-it-up-and-die.pdfIn PDF document text
  • http://riverside-resort.net/1/toyota-solara-reset-maint-light.pdfIn PDF document text
  • http://riverside-resort.net/1/twentieth-century-words.pdfIn PDF document text
  • http://riverside-resort.net/1/simple-accounting-procedures-manual.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.med.umich.edu/yourchild/topics/sleep.htmIn PDF document text
  • https://en.wikipedia.org/wiki/Wicked_problemIn PDF document text
  • http://www.tacklewarehouse.com/Bass_Boat_Solutions_Flow-Rite_Remote_Drain_Plug_System_/descpage-BBSDPCM.htmlIn PDF document text
  • http://www.tacklewarehouse.com/Bass_Boat_Solutions_Drain_Plugs/catpage-BBSP.htmlIn PDF document text
  • http://webassign.net/In PDF document text
  • http://www.iolo.com/In PDF document text
  • https://ryder.com/In PDF document text
  • http://www.fixya.com/In PDF document text
  • https://www.techradar.com/news/software/operating-systems/52-windows-problems-and-solutions-716020In PDF document text
  • https://www.techradar.com/newsIn PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text

  +3 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.