PDF static analysis report

Static analysis result for SHA-256 dafca73a99ce205f…

CLEAN

PDF

249.5 KB Authoring application: Skia/PDF m150 Google Docs Renderer First seen: 2026-05-26
MD5: 24c2f7a721c1b5cce23581ffa4b35200 SHA-1: 670e866dfcba290b47a001bb804715213dcc507f SHA-256: dafca73a99ce205f02a33919aff9d446f71abbe799b09b3d6a599547ef252d33
22 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0002

Heuristics 2

  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
  • External URI info PDF_URI
    PDF contains an external URL action

Extracted artifacts 6

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_012_off0001f70b.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1F70B 149916 bytes
SHA-256: b622673b7fee07bae8bc595a26a4d3748d1645d9fdb027d11eaee001b75d4ee4
stream_032_off0003233d.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x3233D 18240 bytes
SHA-256: 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95
icc_00_off0000ebe6.icc pdf-icc-profile PDF ICC profile at offset 0xEBE6 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_01_sfnt_off0002836a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2836A 29100 bytes
SHA-256: 50d0e023038d258eacaad0e60beadfc66d43519f14aac2e75488b54d734dc845
font_02_sfnt_off00028c9f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x28C9F 13508 bytes
SHA-256: bd9e83287b0d68b69d51ade3b1a6d88c9d79616100fdc6bf8b94f35bdafefa18
font_03_sfnt_off0002af05.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2AF05 220352 bytes
SHA-256: 901c02e2f24c0d35518562ce8d6738aa137289be322bb373304d16c9ed0a2392