PDF static analysis report

Static analysis result for SHA-256 7d9bf9dd6efeea0e…

CLEAN

PDF

243.2 KB Authoring application: Skia/PDF m150 Google Docs Renderer First seen: 2026-05-29
MD5: d32c565a0d1d8030604264ba1187c74a SHA-1: 744f5f07f05ac99e8662389f907ebebd0517c0a1 SHA-256: 7d9bf9dd6efeea0e8b425fc599e90e283fc31f9e7659fef3d1d0805d364d4549
22 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 2

  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
  • External URI info PDF_URI
    PDF contains an external URL action

Extracted artifacts 6

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_014_off0002468b.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x2468B 151220 bytes
SHA-256: 254fc6d9978b371a457f3202913e2e0fd79df9a658a1c7269bbf765c0363c3d4
font_00_sfnt_off0001f564.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1F564 26836 bytes
SHA-256: 36c5d9049e4b4c88399d58356d9b315232fad8761d051d81e4f2a107eb84c754
font_01_sfnt_off000236e4.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x236E4 217468 bytes
SHA-256: fec76f6d9d59cf23389d6dabad351b3d0a724db252e0460a2de2776dcdccd2e7
font_03_sfnt_off0002d630.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2D630 23056 bytes
SHA-256: 327e9f319e5d949b83ded288749f16da83c81296ca3b772e33efb0c75417754e
font_04_sfnt_off00030e5b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x30E5B 48556 bytes
SHA-256: 58d9ebcbe2ae3b4a9f56fc8f8345500cb002cf1bf2d5e0c4a5293b39c9e01ddf
font_05_sfnt_off0003a490.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x3A490 47796 bytes
SHA-256: e63a51dfd52b6a8c3166c59ef4814eb245c5181b09637107ec97ab4eb48e1cf5