PDF static analysis report

Static analysis result for SHA-256 07b9edef390c5482…

CLEAN

PDF

341.5 KB Created: 2017-04-11 14:28:20 +02:00 Authoring application: Microsoft® Word 2010 First seen: 2020-09-07
MD5: 448f3d2193f5310584c3378e80d4b5be SHA-1: 4f8f9a81b9c211c700bc4f6a20075ab4471da1bb SHA-256: 07b9edef390c5482519c2333c83ed488020f3d024c5ac2c54bb1d6926fe87500
12 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0031

Heuristics 3

  • External URI low PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.w3.org/1999/02/22-rdf-syntax-ns# PDF link annotation
    • http://purl.org/dc/elements/1.1/PDF link annotation
    • http://ns.adobe.com/xap/1.0/PDF link annotation
    • http://ns.adobe.com/pdf/1.3/PDF link annotation
    • http://ns.adobe.com/xap/1.0/mm/PDF link annotation
    • http://en.wikipedia.org/wiki/MIT_LicensePDF link annotation
    • http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0XPDF link annotation
    • http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0PDF link annotation
    • http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0ZPDF link annotation
    • http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0PDF link annotation
    • http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0TPDF link annotation
    • http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0PDF link annotation
    • http://www.microsoft.com/typography/0PDF link annotation

Extracted artifacts 5

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_005_off0000429e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x429E 284348 bytes
SHA-256: bdc874938216b8b27290c917ff26c0f7534fbb9bf012422ddc35c780631fd11c
stream_007_off0001a42b.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1A42B 304656 bytes
SHA-256: 2a9d134a17f096618dfa6070a91e893e2307e1cbc95286b2f9ab61ac77be8ead
stream_021_off000507b3.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x507B3 47574 bytes
SHA-256: d5e5122d98d4cfc67d0bdf792bd4f33d7158d13a359effc6c805bd10d02ce7ec
font_00_sfnt_off0003de35.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x3DE35 51235 bytes
SHA-256: cf706d013ba415b0068a397c34e48a347003d7b792024d82f5bc84570d977dec
font_01_sfnt_off00047a1f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x47A1F 51235 bytes
SHA-256: 1a12305322a6b97bc558430432f5ec07462dab07399a6c46ec7e5245f95cd090