CLEAN
12
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0031
Heuristics 3
-
External URI low PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.w3.org/1999/02/22-rdf-syntax-ns# PDF link annotation
- http://purl.org/dc/elements/1.1/PDF link annotation
- http://ns.adobe.com/xap/1.0/PDF link annotation
- http://ns.adobe.com/pdf/1.3/PDF link annotation
- http://ns.adobe.com/xap/1.0/mm/PDF link annotation
- http://en.wikipedia.org/wiki/MIT_LicensePDF link annotation
- http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0XPDF link annotation
- http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0PDF link annotation
- http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0ZPDF link annotation
- http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0PDF link annotation
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0TPDF link annotation
- http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0PDF link annotation
- http://www.microsoft.com/typography/0PDF link annotation
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_005_off0000429e.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x429E | 284348 bytes |
SHA-256: bdc874938216b8b27290c917ff26c0f7534fbb9bf012422ddc35c780631fd11c |
|||
stream_007_off0001a42b.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1A42B | 304656 bytes |
SHA-256: 2a9d134a17f096618dfa6070a91e893e2307e1cbc95286b2f9ab61ac77be8ead |
|||
stream_021_off000507b3.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x507B3 | 47574 bytes |
SHA-256: d5e5122d98d4cfc67d0bdf792bd4f33d7158d13a359effc6c805bd10d02ce7ec |
|||
font_00_sfnt_off0003de35.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3DE35 | 51235 bytes |
SHA-256: cf706d013ba415b0068a397c34e48a347003d7b792024d82f5bc84570d977dec |
|||
font_01_sfnt_off00047a1f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x47A1F | 51235 bytes |
SHA-256: 1a12305322a6b97bc558430432f5ec07462dab07399a6c46ec7e5245f95cd090 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.