MALICIOUS
82
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0002
Heuristics 3
-
PDF link to algorithmically-generated URL high PDF_RANDOM_URL_LINKPDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures — the visible document is only a prompt — not a PDF parser vulnerability.
-
Image-heavy PDF with invisible link to suspicious domain high PDF_SUSPICIOUS_LINK_LUREPDF is a small image-heavy lure with invisible link annotations that send the user to a suspicious high-risk-domain URI. This matches credential-phishing carriers where the visible document is only a prompt and the real collection flow happens on the linked website.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://socialsecuritystatementforyorrreview.vorlixa.cfd/statement2026 In PDF document text
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
icc_00_off00000196.icc |
pdf-icc-profile | PDF ICC profile at offset 0x196 | 536 bytes |
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d |
|||
font_00_sfnt_off00015306.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15306 | 23300 bytes |
SHA-256: a0950825ae656a3689afdedfd1345df86a481e3f4da154a99fc652cce1c21d48 |
|||
font_01_sfnt_off00018da1.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x18DA1 | 37524 bytes |
SHA-256: a1bcab221bdd608d55715ce3162f0644d32943ab522669036fa02fa670fe2312 |
|||
font_02_sfnt_off0001e89c.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1E89C | 24016 bytes |
SHA-256: e36107e9480c00a41508d50a3fd75aa0785a2094ff7d0337a30206f0fafa69e2 |
|||
font_03_sfnt_off00021f78.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x21F78 | 28128 bytes |
SHA-256: eb752bf43d7386b2b3861143b872f99105f05fa12f5db90882f64ddef26d4cc5 |
|||
font_04_sfnt_off00026235.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x26235 | 18552 bytes |
SHA-256: b11713d3d508af81ccb412154b70769996b6919fc04a4076727c92869ce1d3c1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.