CLEAN
22
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0002
Heuristics 2
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
-
External URI info PDF_URIPDF contains an external URL action
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_012_off0001f70b.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1F70B | 149916 bytes |
SHA-256: b622673b7fee07bae8bc595a26a4d3748d1645d9fdb027d11eaee001b75d4ee4 |
|||
stream_032_off0003233d.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3233D | 18240 bytes |
SHA-256: 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95 |
|||
icc_00_off0000ebe6.icc |
pdf-icc-profile | PDF ICC profile at offset 0xEBE6 | 536 bytes |
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d |
|||
font_01_sfnt_off0002836a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2836A | 29100 bytes |
SHA-256: 50d0e023038d258eacaad0e60beadfc66d43519f14aac2e75488b54d734dc845 |
|||
font_02_sfnt_off00028c9f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x28C9F | 13508 bytes |
SHA-256: bd9e83287b0d68b69d51ade3b1a6d88c9d79616100fdc6bf8b94f35bdafefa18 |
|||
font_03_sfnt_off0002af05.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2AF05 | 220352 bytes |
SHA-256: 901c02e2f24c0d35518562ce8d6738aa137289be322bb373304d16c9ed0a2392 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.