PDF static analysis report

Static analysis result for SHA-256 157e647189f26621…

CLEAN

PDF

246.0 KB Authoring application: Skia/PDF m150 Google Docs Renderer First seen: 2026-05-26
MD5: 486826621cbc15efd68b56918f6222b9 SHA-1: a5de9aaa32416cea405fac0355a3a9af3d137d95 SHA-256: 157e647189f26621be5b9c85eb002bf63e86587351ec2107c08f40b2805b698b
22 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0002

Heuristics 2

  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
  • External URI info PDF_URI
    PDF contains an external URL action

Extracted artifacts 6

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_012_off0001eb88.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1EB88 149712 bytes
SHA-256: d1e40b82def96fafb2328b0f5bf49a15876052b2f14dc5b7b51846237bd5c171
stream_030_off0003063e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x3063E 18240 bytes
SHA-256: 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95
icc_00_off0000fbea.icc pdf-icc-profile PDF ICC profile at offset 0xFBEA 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_01_sfnt_off0002779b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2779B 29100 bytes
SHA-256: 50d0e023038d258eacaad0e60beadfc66d43519f14aac2e75488b54d734dc845
font_02_sfnt_off000280d0.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x280D0 13508 bytes
SHA-256: bd9e83287b0d68b69d51ade3b1a6d88c9d79616100fdc6bf8b94f35bdafefa18
font_03_sfnt_off00035d99.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x35D99 217256 bytes
SHA-256: 270febc7319c063a2379ceecc74d5e5322d9f28e56c42d041effdf6a7e0d7165