CLEAN
24
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 3
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://airlines.com/ PDF link annotation
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_018_off00021058.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x21058 | 135388 bytes |
SHA-256: 5886ad94fa3eddc9a57adb2ba2201faadc4259472d7cabf9e549d331edc6f935 |
|||
font_00_sfnt_off0001af61.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1AF61 | 17904 bytes |
SHA-256: 1dcd050e0029a8ff969f0b87ef0f550b5c8ad3dc8fa89aa4e5bc2c257cb71aee |
|||
font_02_sfnt_off00029e7b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x29E7B | 48956 bytes |
SHA-256: 12c45c09d8afd64731a758eaa4078936eb27ceceae1b5a3659beb95651e89801 |
|||
font_03_sfnt_off0002a966.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2A966 | 6780 bytes |
SHA-256: 2b95897e930d78719321c3bb60391dc64513484ebbd4cdc633fe7c348ec10bef |
|||
font_04_sfnt_off0002bf4e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2BF4E | 187272 bytes |
SHA-256: bfbff9dfde5ac227dd893a8d7590e37e3cdb98e9c7d51cc46a02c20ab04ed07a |
|||
font_05_sfnt_off0002e1d6.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2E1D6 | 10772 bytes |
SHA-256: a38386d235cb8fde479c073bbabeeb44e7f5c480001fd3def913e27b42b7ec0a |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.