MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample is a PDF document that contains a large number of repeated phone numbers, triggering heuristics for travel-support phone scams and callback phishing lures. The document body is heavily obfuscated and does not contain readable text, but the heuristic firings strongly indicate a social engineering attempt to trick the user into calling a fraudulent support line.
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
- Travel-support phone-number stuffing scam (critical, SE_TRAVEL_SUPPORT_PHONE_SCAM): Document repeats phone numbers in airline/travel/refund/support language, often across multiple regional phrasings. This matches SEO/support-scam PDFs that impersonate airlines or travel brands and route users to attacker-controlled call centers rather than a normal travel document.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
Extracted artifacts 7
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_015_off0001ecee.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1ECEE | 18240 bytes | 40e421321e795e26ef42df8f532d3ea5ea8f2c595c2f46e8bbf04c2cd9121b4a |
| stream_020_off00021274.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x21274 | 150432 bytes | d0e870b8977de6bd6268e7b900f8a405da97d2b71173ca3b00d908d52c5454e0 |
| font_01_sfnt_off00035495.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x35495 | 13508 bytes | bd9e83287b0d68b69d51ade3b1a6d88c9d79616100fdc6bf8b94f35bdafefa18 |
| font_02_sfnt_off000376fb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x376FB | 221672 bytes | a7cd16084d175f6b911e09f4aec11053f701f3a8bdf5414f2c39a9ceafde9675 |
| font_03_sfnt_off00038bc3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x38BC3 | 55948 bytes | 3c6051093235d69c49bba294c3800b69fb67854306ce9e7943d0d6d3649bd30d |
| font_04_sfnt_off0003cc7b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3CC7B | 47820 bytes | c37ff9f7ac38071c5562ac4531b40d9dd44e418c77721c770c79c0dc31a9a670 |
| font_05_sfnt_off000405e5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x405E5 | 6096 bytes | 03c02e05377f87b7ffcfeecda6ee9d693b22f57d196f7e92f5eec09b0c4d8096 |