PDF static analysis report

Static analysis result for SHA-256 0f9e7529b30713d4…

CLEAN

PDF

Size: 374.3 KB
Created: 2008-06-19 11:21:13 +05:30
Authoring application: Adobe Photoshop Version 9.0x196 (via Acrobat Distiller 7.0.5 for Macintosh)
First seen: 2015-09-14
MD5: f59f85f4487fe31a82a4423ad977eba8 SHA-1: d6e9e8e90a2f674a4ed222ced9b1fd8f175609ce SHA-256: 0f9e7529b30713d4d97586a512a351be807692f2bd3b072fddaf51e9f522dbe2
Risk Score: 6

Machine Learning

  • Nyx PDF Classifier clean score 0.0005

Heuristics (3)

  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Suspicious extracted artifact [info] EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (8)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_011_off00008dd1.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8DD1 | 24573 bytes
SHA-256: 58daba0e9ec5d4d0806ed4d4224d4fa7f183c7c14958cf2a4510f10d0782e366
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.91, consistent with packed or encrypted content.
stream_023_off0003240b.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3240B | 2689 bytes
SHA-256: 7b5983e0fbf7349aa65580c19b1ff8004cf96a69a6b616565e5e679609522af8
stream_064_off000492c4.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x492C4 | 5127 bytes
SHA-256: ca73914f0ebe9183bd7c3dd1abe562b0610ea70c49fe80280a21854e15c3b263
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.76, consistent with packed or encrypted content.
font_00_type1_off00002ec5.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x2EC5 | 2606 bytes
SHA-256: 86b29b8809f12ed0faa145314c08bba53bf62dd29729729cc2ba0f5009c9891b
font_01_type1_off00003a50.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x3A50 | 21661 bytes
SHA-256: 47236b66ae7eb3f4ccb642326659847f2518227fc302c73ec2f0288f80b4eba9
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.87, consistent with packed or encrypted content.
font_02_type1_off00013637.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x13637 | 2672 bytes
SHA-256: 18f7c11b645b6d8daf48c37026419c86beab60e7378a01a8c67d1913003fbb5b
font_03_type1_off000236b7.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x236B7 | 17061 bytes
SHA-256: a71a68831279199714f03d3cd8a7317ebe6dd2a5e448e766e8491b6ccbf62013
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.93, consistent with packed or encrypted content.
font_04_cff_off0004a8f2.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x4A8F2 | 3493 bytes
SHA-256: 531100b5336511ea91b61be632885fb2c96cd5bfe9d77d9f77000322bc733473