CLEAN
24
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0337
Heuristics 3
-
Clickable URI points to raw IP address medium PDF_URI_IP_LITERALPDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.alistatrans.ru/bbs/hrbsslowrrYfmkQmzbYb16363915wsoa.pdf PDF link annotation
- http://79.172.211.32/mail/JufvfiPxhklsb16357692Gd.pdfPDF link annotation
- http://79.172.211.32/mail/boncQuuw16357219co.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/bk_hJlahlicQQv_Qwd_cdhY_YYwob16358449f.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/cQkxblktsadsikrYeskkJYJdu16358477YGz.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/eckbuJYJmobvu16364075xJrw.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/dQruPk_c_PYumnsPYtd_YltQPmwxz16354732wQs.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/akhhxr_lwslJPxmrmQfb16354273rJ.pdfIn PDF document text
- http://79.172.211.32/mail/u_vixYdssamfk_16358175r.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/hsnd_Yzsrmzb16349865Yzud.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/rwcszccrsacvimokxJcbuuaa_eQ16354470_.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/GkhhGoiv16349217Gs.pdfIn PDF document text
- http://79.172.211.32/mail/iaebf16357412xv.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/_iPzG16366896bJfJ.pdfIn PDF document text
- http://79.172.211.32/mail/dlzxevobmfbfhPsGhr16357303ks.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/QJPbiv16358535_.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/sbPoezxmb16349417Pl.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/vivva_lehadaoGP_Jtr16354475Y.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/cGmvttGrfhzf16349672ruwP.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/eb_khkuiuiJtv16354761m.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/hahf16358571kbsf.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/wrJtnwilklmQ16350029JbGl.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/wvrcGrnltfkh16366911hz.pdfIn PDF document text
- http://79.172.211.32/mail/zuJarzcdhobm_idvJaQk_kaQQaQzuu16357194ln.pdfIn PDF document text
- http://79.172.211.32/mail/QacavrmdJxeenYblQrh16366248Gav.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/kzwxtldcbPProlQvwmxPwfuollrYhw16349944Pta.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/zcbaachxhe16366991fb.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/kkhouizlmeiuoJJu16354238du.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/wnnmto_nuakmz_nzbfd16355006zu.pdfIn PDF document text
- http://79.172.211.32/mail/diuQ_owosaJYfohh16366470lckw.pdfIn PDF document text
- http://79.172.211.32/mail/nevoGecPdb_bw16357507Jt.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/QcJckzkesnYhk_lzQenkPemPYxPP16365172ua.pdfIn PDF document text
- http://www.masterdea.it/bbs/nfrzewunbnxfrercazQcbrY15205167ed.pdfIn PDF document text
- http://www.masterdea.it/mobile/oGicmtmYQ_JQvGuthrJz15133664us.pdfIn PDF document text
- http://www.masterdea.it/treatment/wYlzek_QQJvQwJdf_sl15135287YG.pdfIn PDF document text
- http://www.masterdea.it/mobile/szov_vkvdcnJYf_lil_unlwY15348498Y.pdfIn PDF document text
- http://www.masterdea.it/mobile/bsitGkoPkufbdixYcPo15179443o_.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/dhYPPQomxkmdGa_16354576n.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/_oabzfzQshJolivsv16349411kk.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/YQY16367080Qs.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/cbJhn16349990_etr.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/fsec_nGwcQ_GxPJhw16354705Q.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/ucQzhbbGmx16359074ohdb.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/_YePrccnekohzfPzkGQG16359127rG.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/xki_16349611drsP.pdfIn PDF document text
- http://79.172.211.32/mail/nln__rzwak_nicueb16357838_QcY.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/xbcPGolubPGatnm16354986iik.pdfIn PDF document text
- http://79.172.211.32/mail/enskiPa16357620d_fz.pdfIn PDF document text
- http://79.172.211.32/mail/lJc_fknGxokht16366335nz.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/JtYdPmhtrrwwbfkQm16354454Yerm.pdfIn PDF document text
+25 more URL(s)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_004_off0000a0b3.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xA0B3 | 19856 bytes |
SHA-256: a930245e90be17a336a7679d31e9d416ddec66c65020bec75b59b2e2bfc19120 |
|||
font_01_sfnt_off0000d645.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD645 | 19964 bytes |
SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
|||
font_02_sfnt_off00010c06.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10C06 | 20828 bytes |
SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.