MALICIOUS
Risk Score: 60
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
- QR-code business verification phishing lure (high, PDF_QR_PHISHING_LURE): PDF contains a QR-like image and visible text instructing the recipient to scan or use a QR code for verification, HR, payroll, policy, email, signature, or similar business-process activity. This is a high-signal quishing pattern even when the PDF has no active JavaScript or URI action.
- QR-code redirect lure (medium, SE_QR_LURE): Document instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| icc_00_off00000196.icc | pdf-icc-profile | PDF ICC profile at offset 0x196 | 536 bytes | d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d |
| font_00_sfnt_off0000714c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x714C | 53624 bytes | 1c35bb2602212562cc6a3d7569075f7d232e51233ad6a3f582f0da8fc730c62a |
| font_01_sfnt_off0000ffb6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFB6 | 33264 bytes | deb061c0d40cbe9d567f4484877b2ff728dec3298ccdeca6617d5fea784c2a0a |
| font_02_sfnt_off0001584d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1584D | 17012 bytes | 74d544edcf2ba2606680c355d0a5c8c2781ec37c0e686e5415350d7931249fc5 |