Malware Insights
The PDF document contains a large number of external links, many of which point to other PDF files. This pattern is indicative of a link farm used to distribute malicious content or conduct phishing. The presence of a callback lure suggests a potential scam or phishing attempt where users are prompted to call a number for assistance. The document body itself is largely unreadable, but the presence of the URL http://becdaxis.com/uploads/1/3/0/6/130604775/130604775.html#aa+meetings+chattanooga+tennessee and the heuristic PDF_SEO_LINK_FARM strongly suggest a malicious intent to redirect users to harmful sites.
Heuristics 5
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Callback phishing phone lure [medium] SE_CALLBACK_LURE: Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns.
- Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON: Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
- External URI [info] PDF_URI: PDF contains an external URL action.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://becdaxis.com/uploads/1/3/0/6/130604775/130604775.html#aa+meetings+chattanooga+tennessee
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006f44.bin 8f1cfaa3a1c533eb2689356ef455e6851ecbf4bbf885fd6d44d4ab492a6f8056 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F44 | 8584 bytes |