PDF static analysis report

Static analysis result for SHA-256 ef9fb876194c79a8…

CLEAN

PDF

288.6 KB Authoring application: Skia/PDF m150 Google Docs Renderer First seen: 2026-05-29
MD5: f6e6a659af4d7277251b64c148c34a4b SHA-1: b015db04266959672101ded3d78db6547ab5aaa5 SHA-256: ef9fb876194c79a82bae0f1d906eaa630a99f78bc5749edb99565bb380440290
20 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 1

  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.

Extracted artifacts 5

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_021_off00036f61.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x36F61 151112 bytes
SHA-256: b444e3c363fb3ea3f91a9f92671832dcbb908f8daaaef91eadc95a22a86f6882
font_00_sfnt_off00031e21.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x31E21 127396 bytes
SHA-256: 40b45acd1970738a3f16e0a03a1fb0430cc62b579a887b86297ca7ca75bb307d
font_02_sfnt_off0003ffc4.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x3FFC4 217340 bytes
SHA-256: 94e96ca5dcf0707727b48752fdd01a4cb343919f3b48cba95a6cbc0d6d0c748e
font_03_sfnt_off00040ee5.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x40EE5 50400 bytes
SHA-256: 3933f0a171d2e1d52238afd1697f635a25c78debe3762eae68e9de3aebda16b8
font_04_sfnt_off00042987.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x42987 11592 bytes
SHA-256: f843cfcc140ebfecb3cc558d96ce63afdbdde41a36e4ab00e344fe1315071c2b