PDF static analysis report

Static analysis result for SHA-256 13e73e3341e2816a…

CLEAN

PDF

329.0 KB
Authoring application: Skia/PDF m149 Google Docs Renderer
First seen: 2026-05-28
MD5: 637a09fcc829a26e113adc70ff71784c
SHA-1: d6bc74c6cbcdb4c09d2dabbb4b02b02720c484d3
SHA-256: 13e73e3341e2816a88391dd99cc7e4caba148cbf748b9f947d3c903bf2558404
Risk Score: 6

Machine Learning

  • Nyx PDF Classifier clean score 0.0123

Heuristics 3

  • External URI info PDF_URI
    PDF contains an external URL action
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://gotvnow.top?new PDF link annotation

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size

stream_001_off000002a6.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2A6 | 854130 bytes
    SHA-256: 3b3d7e311c38ffb8df4545c71aff97518fe113a164612e3aac8cd39d11083796
    Detection
    ClamAV: No threats found
    Obfuscation or payload: likely
    Carved artifact entropy is 7.61, consistent with packed or encrypted content.

icc_00_off000000cf.icc | pdf-icc-profile | PDF ICC profile at offset 0xCF | 536 bytes
    SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d

font_00_sfnt_off0004c47d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4C47D | 24796 bytes
    SHA-256: 038b87d3e214f6d022d14f5ad9d3a55d60f63c45cf23667e4d7baf38e48c45c6

font_01_sfnt_off000504b4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x504B4 | 12104 bytes
    SHA-256: 883364879ae20622a8b3200a2459700638e5f0c62bda57e83de43d2f0488aba1