CLEAN
24
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0003
Heuristics 3
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 2 image(s), only 0 text block(s), carries a click-outward action, and is only 118 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
Encrypted PDF (string and stream contents are opaque to static scan) info PDF_ENCRYPTEDPDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://wwww.microsoft.com0 In extracted file (font_12_sfnt_off00017f64.bin)
- http://www.iec.chIn extracted file (icc_02_off000057cc.icc)
- https://docs.microsoft.com/typography/abouthttp://lucasfonts.comMicrosoftIn extracted file (font_12_sfnt_off00017f64.bin)
- http://en.wikipedia.org/wiki/MIT_LicenseIn extracted file (font_12_sfnt_off00017f64.bin)
- http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0ZIn extracted file (font_12_sfnt_off00017f64.bin)
- http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0In extracted file (font_12_sfnt_off00017f64.bin)
- http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0ZIn extracted file (font_12_sfnt_off00017f64.bin)
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0��In extracted file (font_12_sfnt_off00017f64.bin)
- http://www.microsoft.com/PKI/docs/CPS/default.htm0@In extracted file (font_12_sfnt_off00017f64.bin)
- http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0ZIn extracted file (font_12_sfnt_off00017f64.bin)
- http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0In extracted file (font_12_sfnt_off00017f64.bin)
Extracted artifacts 16
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
icc_00_off00001270.icc |
pdf-icc-profile | PDF ICC profile at offset 0x1270 | 4508 bytes |
SHA-256: 73d504558e7d03ef4ff2676ba62c7553ee5bd856b45da2d330e33e012ad61fb3 |
|||
icc_01_off0000226e.icc |
pdf-icc-profile | PDF ICC profile at offset 0x226E | 1992 bytes |
SHA-256: 49429d4dd70f439f6fa47a298e5ffbd280375d2cbd18708b1e05a34aafe5d219 |
|||
icc_02_off000057cc.icc |
pdf-icc-profile | PDF ICC profile at offset 0x57CC | 3144 bytes |
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e |
|||
font_00_sfnt_off0000803f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x803F | 26240 bytes |
SHA-256: 96ea4ff306ecf6c3a271dec961eca17c61304cf5f4a058e39a0dbe235055e704 |
|||
font_01_sfnt_off0000ca45.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCA45 | 5684 bytes |
SHA-256: 45f5adb0e22ebc6dbe97c1c0b9f84a1e83f2361b932a8b202166526b9affb351 |
|||
font_02_sfnt_off0000d601.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD601 | 6296 bytes |
SHA-256: 39e4ce0bdeeeec3480d62c864b66080be3641e5e7abeb77152795c4178caa73e |
|||
font_03_sfnt_off0000e3d4.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE3D4 | 5468 bytes |
SHA-256: 86c19e80e0757fe4f70a7f7790ad1904b3dfc726432f5e6c36e6960b7738e179 |
|||
font_04_sfnt_off0000f105.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF105 | 4484 bytes |
SHA-256: 6938edd54a716ff3f2077e9abbadf86b03ba224df3453d688b424b5bd2871676 |
|||
font_05_sfnt_off0000fc2d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC2D | 5620 bytes |
SHA-256: d72dd81be213284e4ab9095ea4190f34bfea37c66d06ae5e4b566ed48a03b4c0 |
|||
font_06_sfnt_off000107af.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x107AF | 15112 bytes |
SHA-256: a7c4412069d11975a9b154850c72486a429a94dea616324844c9a73c426bf658 |
|||
font_07_sfnt_off00012270.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12270 | 8412 bytes |
SHA-256: f21823420d74a52f41793e9262e0721f7da687bc14e1adeb2f99037dc1a981cc |
|||
font_08_sfnt_off00013839.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x13839 | 11532 bytes |
SHA-256: 3337c773edb4142cf5cd3ae407d3e874219835d722894ef5ccbe13b76e280a85 |
|||
font_09_sfnt_off0001516e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1516E | 5620 bytes |
SHA-256: acc43eb5a804e721e4d0c53966f833fc84e1a00134e94c199d84af44e59ce826 |
|||
font_10_sfnt_off00015cef.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15CEF | 8368 bytes |
SHA-256: 3a05993842034d27aa8ec20469f6f697630c14758aa9902cb185e0e4cdbadf22 |
|||
font_11_sfnt_off00017078.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x17078 | 6644 bytes |
SHA-256: 8a0db9e7adbaa23b9d98ffd9d80a4c0768d52f41274cea4843a3360a118fffb5 |
|||
font_12_sfnt_off00017f64.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x17F64 | 83164 bytes |
SHA-256: 19c65fe8142cd32a4c48a581ec605464f23c642de961708c92ed0221b4c88d3b |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.