MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is a PDF document that contains a large number of phone numbers, consistent with a travel support scam. The heuristic firings indicate a high count of phone numbers and a callback lure pattern. The document body is heavily obfuscated and does not provide clear textual content, but the heuristics strongly suggest a scamming attempt.
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
- Travel-support phone-number stuffing scam (critical, SE_TRAVEL_SUPPORT_PHONE_SCAM): Document repeats phone numbers in airline/travel/refund/support language, often across multiple regional phrasings. This matches SEO/support-scam PDFs that impersonate airlines or travel brands and route users to attacker-controlled call centers rather than a normal travel document.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_014_off000191d1.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x191D1 | 150316 bytes | 314164698dcd254ebf8895d14e70c9264367cbc1417bdbd6e0eec8045a3395ae |
| font_01_sfnt_off00021f05.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x21F05 | 221836 bytes | 0c33774a837ac817da5f1ccc527795d8b017b67a20d8b35cd2c3d6555f92af06 |
| font_02_sfnt_off0002343b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2343B | 47796 bytes | e63a51dfd52b6a8c3166c59ef4814eb245c5181b09637107ec97ab4eb48e1cf5 |
| font_03_sfnt_off00026d4b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x26D4B | 6096 bytes | 03c02e05377f87b7ffcfeecda6ee9d693b22f57d196f7e92f5eec09b0c4d8096 |