SUSPICIOUS
28
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00012658.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12658 | 39332 bytes |
SHA-256: aba1c3c8db2865430d7e73ba680097c74d16fd2fe5c4d88e01ca3e778a08f3ad |
|||
font_01_sfnt_off00018e68.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x18E68 | 12104 bytes |
SHA-256: 883364879ae20622a8b3200a2459700638e5f0c62bda57e83de43d2f0488aba1 |
|||
font_02_sfnt_off0001ab4e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1AB4E | 182536 bytes |
SHA-256: 330cbeb54f9ef5f334bf9aa3eb3f09afab61ff7ccf19d75a0900c31fdcf9752c |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.