SUSPICIOUS
Risk Score: 32
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains an embedded URI pointing to a procurement email address, suggesting a phishing lure. The high stream count and duplicate object bodies indicate potential obfuscation techniques commonly used in malicious documents. No scripts were extracted, and the document body was unreadable, limiting further analysis.
Machine Learning
- Nyx PDF Classifier: clean score 0.0073
Heuristics 4
- Unusually high stream count (medium, PDF_MANY_STREAMS): PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
- External URI (low, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (PDF link annotation)
  - http://ns.adobe.com/pdf/1.3/ (PDF link annotation)
  - http://ns.adobe.com/xap/1.0/ (PDF link annotation)
  - http://purl.org/dc/elements/1.1/ (PDF link annotation)
  - http://ns.adobe.com/xap/1.0/mm/ (PDF link annotation)
Extracted artifacts 29
Files carved from inside the sample during analysis.