MALICIOUS
Risk Score: 64
Machine Learning
- Nyx PDF Classifier clean score 0.0034
Heuristics 4
- Brand-impersonation credential phishing lure | high | SE_BRAND_CREDENTIAL_PHISH
  Document impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: call-to-action link host does not match the impersonated brand: http://go2l.ink/info091802.
- Callback phishing phone lure | medium | SE_CALLBACK_LURE
  Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
- External URI | info | PDF_URI
  PDF contains an external URL action.
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://go2l.ink/info091802 (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_002_off00003bcf.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3BCF | 371744 bytes | 78f530b1601021787e52b5134047b97bba8af910617ac8fe63033aed1818cafd |
| font_00_sfnt_off00000687.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x687 | 24332 bytes | ca6c494bb5ef9be7361cfad38425c9e5ec46bc51a29f0a9ed3e0b4866540a7f4 |