PDF static analysis report

Static analysis result for SHA-256 13b299e19dc3c003…

CLEAN

PDF

83.5 KB Created: 2017-01-10 17:20:08 +08:00 First seen: 2018-10-07
MD5: d4776290e9e076c2077a7d95b8921e63 SHA-1: 2e26adc0554bf4897f0d99dffdb003d660e218c4 SHA-256: 13b299e19dc3c003886e34b85663b06902e066a0ed9e3bda39da13e3258396fc
4 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0405

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://rehabilitacja.hekko24.pl/umlproducts/_cPJhnJ16444887bfYk.pdf PDF link annotation
    • http://www.alistatrans.ru/extlib/rYcJkmPmxzshJGnlbfePiYhlxf16444468Pz.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/uzed_eerluzx_nebmzorJw_QGmiY16444469to.pdfIn PDF document text
    • http://redhorseysbus.com/viewnecessary/ekhQmfl16408652ffdf.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/GedPsY16355763blr.pdfIn PDF document text
    • http://redhorseysbus.com/viewnecessary/ddtrzfccskJfxc16369886w.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/wmtsPi16444370Yt.pdfIn PDF document text
    • http://thestoveinstallationcompany.co.uk/quitewalk/ancxlvdccwkosv16363649ePQ.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/GQ_cancmcdcJv16444470soz.pdfIn PDF document text
    • http://www.hofmannmedical.cl/educationfiles/recentnecessary.php/JoQebuQl16390949faY.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/lxQfdJmnixmxvbeflQ16355845Y_G.pdfIn PDF document text
    • http://thestoveinstallationcompany.co.uk/quitewalk/YunaP16351485fod.pdfIn PDF document text
    • http://thestoveinstallationcompany.co.uk/quitewalk/mQxf16363647d.pdfIn PDF document text
    • http://www.hofmannmedical.cl/educationfiles/recentnecessary.php/mihbzlJo16441276wdJ.pdfIn PDF document text
    • http://www.hofmannmedical.cl/educationfiles/recentnecessary.php/xPYwrboxzfGuQfieifdQniztJn16441286_i.pdfIn PDF document text
    • http://thestoveinstallationcompany.co.uk/quitewalk/t_osGexiwvmht16351689vba.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/ctGfxosdwml_uvQzxaoJkQtxfwdP16444251xli.pdfIn PDF document text
    • http://thestoveinstallationcompany.co.uk/quitewalk/lthkelescibddhftwcrllnabhu16351641v.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/hJmlGwnrmc_JttvcdiPihuvkrrufr16444362lne.pdfIn PDF document text
    • http://www.hofmannmedical.cl/educationfiles/recentnecessary.php/cYoG16391261bczJ.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/aichbxixaPttvntavkdmfkrnued16355946b.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/xbnbQv16444312xai.pdfIn PDF document text
    • http://www.hofmannmedical.cl/educationfiles/recentnecessary.php/QYvc16441300iv.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/rs_GizmehezhklsnrvrrY16444231JinP.pdfIn PDF document text
    • http://rehabilitacja.hekko24.pl/umlproducts/eo_unmlsJlcrYalikQknYxidkeYJux16380927G.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/izxJmcnQror_ehzPxeQdYlaw16444471Pw.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/PPthbdrrJJcatYzPwJtb16444467imi.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/rvJwGcPtnaPwvQmkPwPQlmexuQYzo16444343PP.pdfIn PDF document text
    • http://www.hofmannmedical.cl/educationfiles/recentnecessary.php/oGmGns16441319YaG.pdfIn PDF document text
    • http://redhorseysbus.com/viewnecessary/QzQYnvzh_elmkrhhwrnxeePsabab_16369710ern.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/shwszeen16444274xfod.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/hdPwzQ_el_ltYrdhaakJdkb16364372Qn.pdfIn PDF document text
    • http://www.masterdea.it/bbs/eulkYcaazPwo_wz_ff15205048uQn.pdfIn PDF document text
    • http://www.masterdea.it/treatment/dvcxvmPwYxcrlmekY_uQQn15276847k.pdfIn PDF document text
    • http://www.masterdea.it/bbs/dimxQm15221033eiP.pdfIn PDF document text
    • http://www.masterdea.it/treatment/urdcenJzhQQYwbPhzozeQ_hdPn15309290ovo.pdfIn PDF document text
    • http://www.masterdea.it/bbs/Yxx_cYatQknuYuretusww_hmcP15270998hv_h.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/uhziwktdtb_16444229Qchn.pdfIn PDF document text
    • http://thestoveinstallationcompany.co.uk/quitewalk/f_rPszPacvvtQkrowtuiYwvi16435196s.pdfIn PDF document text
    • http://thestoveinstallationcompany.co.uk/quitewalk/Ju_conirQ16363580r.pdfIn PDF document text
    • http://thestoveinstallationcompany.co.uk/quitewalk/iQibdbfxtnr16351317cbfi.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/lYnfscbv16444297hnQ.pdfIn PDF document text
    • http://rehabilitacja.hekko24.pl/umlproducts/GxrkiediJQmbfzmxY16444890r.pdfIn PDF document text
    • http://redhorseysbus.com/viewnecessary/szYPkmhah16369221GmYf.pdfIn PDF document text
    • http://redhorseysbus.com/viewnecessary/uYnmPttsPvmJbe_kzcfrx16369803vd.pdfIn PDF document text
    • http://www.hofmannmedical.cl/educationfiles/recentnecessary.php/nwscJQierelvzn16391196xiQ.pdfIn PDF document text
    • http://www.alistatrans.ru/extlib/GJhbGYldnurivrrtdzGcwiclPeww16428289P.pdfIn PDF document text
    • http://rehabilitacja.hekko24.pl/umlproducts/zGJbm_ubn_YxismztYrdrtv16437134hx.pdfIn PDF document text
    • http://www.hofmannmedical.cl/educationfiles/recentnecessary.php/YJfotswm16441338sx_.pdfIn PDF document text
    • http://redhorseysbus.com/viewnecessary/muvvbruthfczssaet_e_urmY16369381JtJd.pdfIn PDF document text
    +25 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_004_off0000a739.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0xA739 19856 bytes
SHA-256: a930245e90be17a336a7679d31e9d416ddec66c65020bec75b59b2e2bfc19120
font_01_sfnt_off0000dccb.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xDCCB 19964 bytes
SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8
font_02_sfnt_off0001128c.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1128C 20828 bytes
SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1