PDF static analysis report

Static analysis result for SHA-256 07e09a4af5a9bd0b…

SUSPICIOUS

PDF

Size: 4.67 MB
First seen: 2026-05-26
MD5: 5a613c128b16958e680faa80f993a0b8
SHA-1: 8577790ed5f1740cc1b1ab3aec2d6ef4c2a4a32f
SHA-256: 07e09a4af5a9bd0b18d02f3905899a1352227254f2b61373695a03b9f9e85cde
Risk Score: 32

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains an embedded URI pointing to a procurement email address, suggesting a phishing lure. The high stream count and duplicate object bodies indicate potential obfuscation techniques commonly used in malicious documents. No scripts were extracted, and the document body was unreadable, limiting further analysis.

Machine Learning

  • Nyx PDF Classifier clean score 0.0073

Heuristics 4

  • Unusually high stream count (severity: medium, rule: PDF_MANY_STREAMS)
    PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
  • External URI (severity: low, rule: PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs and the channel that reached each:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (PDF link annotation)
    • http://ns.adobe.com/pdf/1.3/ (PDF link annotation)
    • http://ns.adobe.com/xap/1.0/ (PDF link annotation)
    • http://purl.org/dc/elements/1.1/ (PDF link annotation)
    • http://ns.adobe.com/xap/1.0/mm/ (PDF link annotation)

Extracted artifacts 29

Files carved from inside the sample during analysis.
