MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a high number of phone numbers, consistent with a travel support phone scam. The document's structure and heuristic firings strongly suggest a callback phishing or tech-support scam. No scripts were extracted, limiting further analysis of execution methods.
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
- Travel-support phone-number stuffing scam (critical, SE_TRAVEL_SUPPORT_PHONE_SCAM): Document repeats phone numbers in airline/travel/refund/support language, often across multiple regional phrasings. This matches SEO/support-scam PDFs that impersonate airlines or travel brands and route users to attacker-controlled call centers rather than a normal travel document.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_010_off0001ae72.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1AE72 | 150220 bytes | 8a6dd98c6dfbcf34d273e2c42e491956c6a4e09c36fa6d1d259e570bef50be12 |
| stream_022_off0002848c.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2848C | 18240 bytes | ab5f571bf0cd18a495d3ad2095b48edc8a90a4ff34d2cb5d46c82eaa51a75def |
| stream_026_off0002a408.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2A408 | 18240 bytes | 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95 |
| font_00_sfnt_off00019d98.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19D98 | 217876 bytes | 94378094160879993a14e7eaa384bc8b9d017ab7070d01280a8998c3271d5c06 |
| font_02_sfnt_off00032c15.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x32C15 | 50208 bytes | 305bf8c7a76ca05575d24c7c0fa3c8ce32844576d3cdaa976f680868b869fef6 |
| font_03_sfnt_off00033b7d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x33B7D | 50400 bytes | 3933f0a171d2e1d52238afd1697f635a25c78debe3762eae68e9de3aebda16b8 |