PDF static analysis report

Static analysis result for SHA-256 1aa00ffb9219544f…

CLEAN

PDF

184.8 KB Authoring application: Skia/PDF m150 Google Docs Renderer First seen: 2026-05-29
MD5: d54fd49fbf8f676e3064374e913ebc9f SHA-1: 2c919c2e27c9e40469f5846503f64336bdc6a3fb SHA-256: 1aa00ffb9219544fbb6aed49956bc5740979ce9391e43e3e2d3591914b2b161b
20 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 1

  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.

Extracted artifacts 6

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_012_off0001c53a.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1C53A 149520 bytes
SHA-256: 4b29e4a792b50920341c95258249cd66d78a3e4ab6abb14071bde1424dfe5423
stream_014_off00025168.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x25168 18240 bytes
SHA-256: 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95
font_01_sfnt_off00027033.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x27033 43496 bytes
SHA-256: cde3d9a10aacd0715d5004321a133a28ef09cdcecd3fad3e15475b36e414a9b6
font_02_sfnt_off00027b9f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x27B9F 219996 bytes
SHA-256: 1eb9f375af2037c52389dae8db099b59b453a5985cc96394daa52752bfad142c
font_03_sfnt_off00028bf3.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x28BF3 47796 bytes
SHA-256: e63a51dfd52b6a8c3166c59ef4814eb245c5181b09637107ec97ab4eb48e1cf5
font_04_sfnt_off0002c51d.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2C51D 6096 bytes
SHA-256: 03c02e05377f87b7ffcfeecda6ee9d693b22f57d196f7e92f5eec09b0c4d8096