MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample triggered heuristics for a travel support phone scam and a general callback lure, indicating a social engineering attempt. The document body was heavily obfuscated and truncated, preventing a deeper analysis of its specific content or potential embedded scripts. No other IOCs were extracted.
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
- Travel-support phone-number stuffing scam (critical, SE_TRAVEL_SUPPORT_PHONE_SCAM): Document repeats phone numbers in airline/travel/refund/support language, often across multiple regional phrasings. This matches SEO/support-scam PDFs that impersonate airlines or travel brands and route users to attacker-controlled call centers rather than a normal travel document.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
Extracted artifacts 8
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_009_off0001bbe9.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1BBE9 | 149796 bytes | 71aabf16044f11fa268206d262a948f473737c1fdf4e1b45c6c740e9671502c8 |
| stream_026_off0002d25d.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2D25D | 18240 bytes | ab5f571bf0cd18a495d3ad2095b48edc8a90a4ff34d2cb5d46c82eaa51a75def |
| stream_030_off0002f1d9.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2F1D9 | 18240 bytes | 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95 |
| font_00_sfnt_off000171cd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x171CD | 36324 bytes | aadb4f4d3a6b55b2ce26ca2337b74b799ca9f723c190f42d90aee5c1625762fe |
| font_02_sfnt_off00024784.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x24784 | 16652 bytes | 8c3d9d3ea1ef5220ccc19b4bc8eb9d454d82651ca607fd1249168d5f6c2f9c3d |
| font_03_sfnt_off00032430.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x32430 | 217340 bytes | 94e96ca5dcf0707727b48752fdd01a4cb343919f3b48cba95a6cbc0d6d0c748e |
| font_04_sfnt_off00038909.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x38909 | 50208 bytes | 305bf8c7a76ca05575d24c7c0fa3c8ce32844576d3cdaa976f680868b869fef6 |
| font_05_sfnt_off00039871.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x39871 | 50400 bytes | 3933f0a171d2e1d52238afd1697f635a25c78debe3762eae68e9de3aebda16b8 |