MALICIOUS
Risk Score: 60
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics (2)
- QR-code business verification phishing lure (severity: high, rule: PDF_QR_PHISHING_LURE). PDF contains a QR-like image and visible text instructing the recipient to scan or use a QR code for verification, HR, payroll, policy, email, signature, or similar business-process activity. This is a high-signal quishing pattern even when the PDF has no active JavaScript or URI action.
- QR-code redirect lure (severity: medium, rule: SE_QR_LURE). Document instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents.
Extracted artifacts (5)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| icc_00_off00000113.icc | pdf-icc-profile | PDF ICC profile at offset 0x113 | 536 bytes | d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d |
| font_00_sfnt_off000303be.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x303BE | 26620 bytes | b6691c0273278182046471f269bd1ec6bb0a8f1f5f39392b6fdd0851b5effd35 |
| font_01_sfnt_off00034a1d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x34A1D | 39232 bytes | 397b7b52bb48c38d194863818bb82720e0151926ce0fbbab3f86d4505fb1e730 |
| font_02_sfnt_off0003aaa5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3AAA5 | 15932 bytes | 25c6431c0d74545204580c4b2cb44682ec70729f42804ca992baf184606d4f05 |
| font_03_sfnt_off0003d749.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3D749 | 18144 bytes | df49af669802daea85927e86d0f9e67f59c51f9d9b53bb2c198e91f760be82cb |