MALICIOUS
62
Risk Score
Heuristics 3
-
Reference to PowerShell high SC_STR_POWERSHELLReference to PowerShell
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.howtotell.com In RTF body
- http://go.microsoft.com/fwlink/?LinkID=66406In RTF body
- http://www.microsoft.com/info/nareturns.htmIn RTF body
Open this report in the interactive analyzer, or submit your own file for analysis.