CLEAN
Risk Score: 22
Machine Learning
- Nyx PDF Classifier clean score 0.1320
Heuristics: 2
- Unusually high stream count (medium, PDF_MANY_STREAMS): PDF contains 501+ stream objects; may indicate heap spray or heavy obfuscation
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts: 31
Files carved from inside the sample during analysis.