MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample is a PDF document that contains a large number of phone numbers, consistent with a travel support or callback phishing scam. The heuristic firings indicate a phone number stuffing technique used to obscure the malicious intent. No scripts were extracted, and the document body was heavily obfuscated and truncated, preventing further analysis of the specific lure.
Machine Learning
- Nyx PDF Classifier: clean score 0.0001
Heuristics 2
- Travel-support phone-number stuffing scam (critical, SE_TRAVEL_SUPPORT_PHONE_SCAM): Document repeats phone numbers in airline/travel/refund/support language, often across multiple regional phrasings. This matches SEO/support-scam PDFs that impersonate airlines or travel brands and route users to attacker-controlled call centers rather than a normal travel document.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_010_off0001af2f.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1AF2F | 150736 bytes | 245997b869b3264d18260db6014589441b0baf7dc86853909f151a597308431d |
| stream_022_off0002873e.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2873E | 18240 bytes | ab5f571bf0cd18a495d3ad2095b48edc8a90a4ff34d2cb5d46c82eaa51a75def |
| stream_026_off0002a6ba.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2A6BA | 18240 bytes | 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95 |
| font_00_sfnt_off00019eea.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19EEA | 217712 bytes | cf79bdaf9367f1a05485080bf2b8b5ed5d129a3b73f65d254f75a38ebf89722f |
| font_02_sfnt_off00032ec7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x32EC7 | 50208 bytes | 305bf8c7a76ca05575d24c7c0fa3c8ce32844576d3cdaa976f680868b869fef6 |
| font_03_sfnt_off00033e2f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x33E2F | 50400 bytes | 3933f0a171d2e1d52238afd1697f635a25c78debe3762eae68e9de3aebda16b8 |