MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1204.002 User Execution: Malicious Link
The file is a PDF document that contains a large number of phone numbers, triggering heuristics for travel support and callback phishing scams. The document body is heavily obfuscated and does not provide clear textual content, but the heuristic firings strongly indicate a social engineering attempt to trick the user into making a phone call for fraudulent purposes.
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
- Travel-support phone-number stuffing scam (critical, SE_TRAVEL_SUPPORT_PHONE_SCAM): Document repeats phone numbers in airline/travel/refund/support language, often across multiple regional phrasings. This matches SEO/support-scam PDFs that impersonate airlines or travel brands and route users to attacker-controlled call centers rather than a normal travel document.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_010_off0001af63.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1AF63 | 150220 bytes | 8a6dd98c6dfbcf34d273e2c42e491956c6a4e09c36fa6d1d259e570bef50be12 |
| stream_022_off0002857d.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2857D | 18240 bytes | ab5f571bf0cd18a495d3ad2095b48edc8a90a4ff34d2cb5d46c82eaa51a75def |
| stream_026_off0002a4f9.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2A4F9 | 18240 bytes | 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95 |
| font_00_sfnt_off00019f55.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19F55 | 217560 bytes | fdaaf3f9e4e91176bf1763e3eef12f5c9f4effedff68909cccf47a813d76914a |
| font_02_sfnt_off00032d06.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x32D06 | 50208 bytes | 305bf8c7a76ca05575d24c7c0fa3c8ce32844576d3cdaa976f680868b869fef6 |
| font_03_sfnt_off00033c6e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x33C6E | 50400 bytes | 3933f0a171d2e1d52238afd1697f635a25c78debe3762eae68e9de3aebda16b8 |