PDF static analysis report

Static analysis result for SHA-256 f070935d5ae2d0a8…

SUSPICIOUS

PDF

Size: 136.8 KB
Authoring application: Skia/PDF m150 Google Docs Renderer
First seen: 2026-05-26
MD5: 1daa5f5a9734d9072f9cadae8518d0c1
SHA-1: 5eb8b09cbc0a77e5fe6a957658f85f0b330ea517
SHA-256: f070935d5ae2d0a8e1703a84e7e1758ecabc638161411020f0f211eb913cc014
Risk Score: 40

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 1

  • Travel-support phone-number stuffing scam | Severity: high | SE_TRAVEL_SUPPORT_PHONE_SCAM
    Document repeats phone numbers in airline/travel/refund/support language, often across multiple regional phrasings. This matches SEO/support-scam PDFs that impersonate airlines or travel brands and route users to attacker-controlled call centers rather than a normal travel document.

Extracted artifacts 3

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_008_off00012e04.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x12E04 | 146640 bytes | b09dd695d1b0397a554e1262993fd5330da1f9c5dc52b74851eb47b63e65c32c |
| font_01_sfnt_off0002033d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2033D | 43708 bytes | f3f77ff188bf0b99a3ba73fc5e97b674673d331775b787bd50108b07f979f9d5 |
| font_02_sfnt_off00020f74.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x20F74 | 217092 bytes | 9e5773657037718084fd49d4963672854478a6c2af77da49a79191978fd8ba11 |