Malicious PDF — malware analysis report

Heuristics 4

• Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOAD
  The ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
• PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARM
  PDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://uncpbisdegree.com/download3.php?q=wiring-diagrams-polaris-atv.pdf In PDF document text

  • http://uncpbisdegree.com/download4.php?q=wiring-diagrams-polaris-atv.pdfIn PDF document text
  • http://www.cyclepedia.com/online-manuals/polaris-atv-online-repair-manuals/polaris-50-90-scrambler-atvs-online-service-manual/In PDF document text
  • http://www.cyclepedia.com/online-manuals/polaris-atv-online-repair-manuals/2004-2013-polaris-400-450-500-sportsman-carburated-atv-online-service-manual/In PDF document text
  • http://www.3wheelerworld.com/oldsite/WiringHonda.shtmlIn PDF document text
  • http://www.ezturnsignalkit.com/StreetLegalKits.htmlIn PDF document text
  • http://www.autorepairmanuals.biz/product/STI427In PDF document text
  • http://www.3wheelerworld.com/content.php/187-honda-wiring-diagram-sectionIn PDF document text
  • http://www.instant-manual.com/download-polaris-service-manuals-by-model.htmlIn PDF document text
  • https://www.atvrepairmanual.com/In PDF document text
  • https://www.factoryrepairmanuals.com/2007-ford-explorer-mercury-mountaineer-electrical-wiring-diagrams/In PDF document text
  • https://www.regulatorrectifier.com/catalog/polaris-272In PDF document text
  • https://www.themanualstore.com/Boat-Manual-s/210.htmIn PDF document text
  • https://www.atvrepairmanual.com/polaris-sportsman-repair-manual-400-450-500-550-600-700-800-850/In PDF document text
  • https://www.atvrepairmanual.com/category/polaris-atv-repair-manuals/In PDF document text
  • https://www.factoryrepairmanuals.com/1999-ford-f250-f350-f450-f550-super-duty-truck-electrical-wiring-diagrams/In PDF document text
  • http://www.service-repair-workshop-manual.com/category/atv/can-am/In PDF document text
  • http://www.eztsk.com/HornKit.htmlIn PDF document text
  • http://www.auto-repair-manuals.com/In PDF document text
  • http://www.autorepairmanuals.biz/page/487793804In PDF document text
  • https://www.themotorbookstore.com/motorcycle-manuals.htmlIn PDF document text
  • http://www.offroaders.com/atv/northeast-atv-clubs.htmlIn PDF document text
  • http://www.offroaders.com/tech/index.htmlIn PDF document text
  • http://www.offroaders.com/atv/index.htmlIn PDF document text
  • http://riverside-resort.net/1/year-7-comprehension-english-test-questions.pdfIn PDF document text
  • http://uncpbisdegree.com/1/strangers-in-paris.pdfIn PDF document text
  • http://riverside-resort.net/1/vollhardt-shore-organic-chemistry-solutions-manual.pdfIn PDF document text
  • http://uncpbisdegree.com/1/tajweed-quran-with-meanings-translation-and-transliteration.pdfIn PDF document text
  • http://uncpbisdegree.com/1/springboard-algebra-1-unit-3-answer-key.pdfIn PDF document text
  • http://uncpbisdegree.com/1/the-hot-girls-of-weimar-berlin.pdfIn PDF document text
  • http://uncpbisdegree.com/1/teacher-recruitment-board-commerce-question-paper.pdfIn PDF document text
  • http://uncpbisdegree.com/1/sharepoint-2018-prerequisites-manual-install.pdfIn PDF document text
  • http://uncpbisdegree.com/1/the-black-cat-konemann-classics.pdfIn PDF document text
  • http://uncpbisdegree.com/1/the-american-society-of-law-medicine.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://www.manualslib.com/manual/131469/Polaris-Sportsman-90.htmlIn PDF document text
  • https://www.manualslib.com/brand/polaris/offroad-vehicle.htmlIn PDF document text
  • https://www.manualslib.com/products/Polaris-Sportsman-90-3412994.htmlIn PDF document text
  • http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
  • https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
  • http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.