SUSPICIOUS
28
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Extracted artifacts 8
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_016_off00031fbd.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x31FBD | 152476 bytes |
SHA-256: d125431693eb8a2ff95fdcabe37ff575ffd53f6c26525be69fa128fe56ff7660 |
|||
stream_022_off0003cc0a.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3CC0A | 18240 bytes |
SHA-256: ab5f571bf0cd18a495d3ad2095b48edc8a90a4ff34d2cb5d46c82eaa51a75def |
|||
stream_026_off0003eb7e.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3EB7E | 18240 bytes |
SHA-256: 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95 |
|||
font_00_sfnt_off0002d65e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2D65E | 33220 bytes |
SHA-256: 7086863b8085e24d24edc86e929c1f0ed4bdbb3795ac08fa1b515cbcd1fad73b |
|||
font_02_sfnt_off0003b37f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3B37F | 217584 bytes |
SHA-256: 4d5004416a2a8b7ca27e2ef40b36e304667493bec9f52329b25397a9bc99d916 |
|||
font_03_sfnt_off0003c330.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3C330 | 11592 bytes |
SHA-256: f843cfcc140ebfecb3cc558d96ce63afdbdde41a36e4ab00e344fe1315071c2b |
|||
font_04_sfnt_off0004bbc0.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4BBC0 | 50208 bytes |
SHA-256: 305bf8c7a76ca05575d24c7c0fa3c8ce32844576d3cdaa976f680868b869fef6 |
|||
font_05_sfnt_off0004cb28.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4CB28 | 50400 bytes |
SHA-256: 3933f0a171d2e1d52238afd1697f635a25c78debe3762eae68e9de3aebda16b8 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.