PDF static analysis report

Static analysis result for SHA-256 0223abe5aef62034…

CLEAN

PDF

118.2 KB Created: NUšx¯õö035u026031͌÷ÃDʸ4Á013010äÜi010h÷N004VGz¢‰ˆªO%J032¹ø9w, Authoring application: NUšx¯õö035u026031͌÷ÃDî1\[£3Ôµð(s²„ôåÎ&ÃÊGGöKí"³0220275²007þ012L‰àCßìŽÚ©!*e>å (via NUšx¯õö035u026031͌÷ÃD*?0069¸Í;0220349Ì4ú#gğ#»÷!v4‰üë035ÊÍ­004®_ªr000Ô»¼›9010004’å™ú]A006ïÉ&Õ̝Tf´0265) First seen: 2026-05-28
MD5: 01042703e5c476801995d1685d9feb99 SHA-1: a98496b8857d9d45041b8369f0ab45e64e24c886 SHA-256: 0223abe5aef620341cf086422aa12892db03879f4d6cf00ac280c6cafc7037e0
24 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0003

Heuristics 3

  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 2 image(s), only 0 text block(s), carries a click-outward action, and is only 118 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • Encrypted PDF (string and stream contents are opaque to static scan) info PDF_ENCRYPTED
    PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://wwww.microsoft.com0 In extracted file (font_12_sfnt_off00017f64.bin)
    • http://www.iec.chIn extracted file (icc_02_off000057cc.icc)
    • https://docs.microsoft.com/typography/abouthttp://lucasfonts.comMicrosoftIn extracted file (font_12_sfnt_off00017f64.bin)
    • http://en.wikipedia.org/wiki/MIT_LicenseIn extracted file (font_12_sfnt_off00017f64.bin)
    • http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0ZIn extracted file (font_12_sfnt_off00017f64.bin)
    • http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0In extracted file (font_12_sfnt_off00017f64.bin)
    • http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0ZIn extracted file (font_12_sfnt_off00017f64.bin)
    • http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0��In extracted file (font_12_sfnt_off00017f64.bin)
    • http://www.microsoft.com/PKI/docs/CPS/default.htm0@In extracted file (font_12_sfnt_off00017f64.bin)
    • http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0ZIn extracted file (font_12_sfnt_off00017f64.bin)
    • http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0In extracted file (font_12_sfnt_off00017f64.bin)

Extracted artifacts 16

Files carved from inside the sample during analysis.

FilenameKindSourceSize
icc_00_off00001270.icc pdf-icc-profile PDF ICC profile at offset 0x1270 4508 bytes
SHA-256: 73d504558e7d03ef4ff2676ba62c7553ee5bd856b45da2d330e33e012ad61fb3
icc_01_off0000226e.icc pdf-icc-profile PDF ICC profile at offset 0x226E 1992 bytes
SHA-256: 49429d4dd70f439f6fa47a298e5ffbd280375d2cbd18708b1e05a34aafe5d219
icc_02_off000057cc.icc pdf-icc-profile PDF ICC profile at offset 0x57CC 3144 bytes
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
font_00_sfnt_off0000803f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x803F 26240 bytes
SHA-256: 96ea4ff306ecf6c3a271dec961eca17c61304cf5f4a058e39a0dbe235055e704
font_01_sfnt_off0000ca45.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xCA45 5684 bytes
SHA-256: 45f5adb0e22ebc6dbe97c1c0b9f84a1e83f2361b932a8b202166526b9affb351
font_02_sfnt_off0000d601.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xD601 6296 bytes
SHA-256: 39e4ce0bdeeeec3480d62c864b66080be3641e5e7abeb77152795c4178caa73e
font_03_sfnt_off0000e3d4.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xE3D4 5468 bytes
SHA-256: 86c19e80e0757fe4f70a7f7790ad1904b3dfc726432f5e6c36e6960b7738e179
font_04_sfnt_off0000f105.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xF105 4484 bytes
SHA-256: 6938edd54a716ff3f2077e9abbadf86b03ba224df3453d688b424b5bd2871676
font_05_sfnt_off0000fc2d.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xFC2D 5620 bytes
SHA-256: d72dd81be213284e4ab9095ea4190f34bfea37c66d06ae5e4b566ed48a03b4c0
font_06_sfnt_off000107af.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x107AF 15112 bytes
SHA-256: a7c4412069d11975a9b154850c72486a429a94dea616324844c9a73c426bf658
font_07_sfnt_off00012270.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x12270 8412 bytes
SHA-256: f21823420d74a52f41793e9262e0721f7da687bc14e1adeb2f99037dc1a981cc
font_08_sfnt_off00013839.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x13839 11532 bytes
SHA-256: 3337c773edb4142cf5cd3ae407d3e874219835d722894ef5ccbe13b76e280a85
font_09_sfnt_off0001516e.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1516E 5620 bytes
SHA-256: acc43eb5a804e721e4d0c53966f833fc84e1a00134e94c199d84af44e59ce826
font_10_sfnt_off00015cef.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x15CEF 8368 bytes
SHA-256: 3a05993842034d27aa8ec20469f6f697630c14758aa9902cb185e0e4cdbadf22
font_11_sfnt_off00017078.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x17078 6644 bytes
SHA-256: 8a0db9e7adbaa23b9d98ffd9d80a4c0768d52f41274cea4843a3360a118fffb5
font_12_sfnt_off00017f64.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x17F64 83164 bytes
SHA-256: 19c65fe8142cd32a4c48a581ec605464f23c642de961708c92ed0221b4c88d3b