MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample is a PDF document that contains a high number of phone numbers, consistent with a travel support or callback phishing scam. The heuristics indicate a deliberate attempt to stuff the document with phone numbers to deceive the user into contacting a fraudulent support line. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis.
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
- Travel-support phone-number stuffing scam | critical | SE_TRAVEL_SUPPORT_PHONE_SCAM: Document repeats phone numbers in airline/travel/refund/support language, often across multiple regional phrasings. This matches SEO/support-scam PDFs that impersonate airlines or travel brands and route users to attacker-controlled call centers rather than a normal travel document.
- Callback phishing phone lure | medium | SE_CALLBACK_LURE: Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
Extracted artifacts 7
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_015_off0001eb8a.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1EB8A | 18240 bytes | 40e421321e795e26ef42df8f532d3ea5ea8f2c595c2f46e8bbf04c2cd9121b4a |
| stream_024_off0002291a.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2291A | 150432 bytes | d0e870b8977de6bd6268e7b900f8a405da97d2b71173ca3b00d908d52c5454e0 |
| font_01_sfnt_off0002b794.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2B794 | 13508 bytes | bd9e83287b0d68b69d51ade3b1a6d88c9d79616100fdc6bf8b94f35bdafefa18 |
| font_02_sfnt_off0002d9fa.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2D9FA | 221672 bytes | a7cd16084d175f6b911e09f4aec11053f701f3a8bdf5414f2c39a9ceafde9675 |
| font_03_sfnt_off0003a269.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3A269 | 55948 bytes | 3c6051093235d69c49bba294c3800b69fb67854306ce9e7943d0d6d3649bd30d |
| font_04_sfnt_off0003e321.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3E321 | 47820 bytes | c37ff9f7ac38071c5562ac4531b40d9dd44e418c77721c770c79c0dc31a9a670 |
| font_05_sfnt_off00041c8b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x41C8B | 6096 bytes | 03c02e05377f87b7ffcfeecda6ee9d693b22f57d196f7e92f5eec09b0c4d8096 |