PDF static analysis report

Static analysis result for SHA-256 165e714b89dc764a…

CLEAN

PDF

398.0 KB Authoring application: Skia/PDF m150 Google Docs Renderer First seen: 2026-05-26
MD5: fda4fbf787dc8de93e573f56ad525379 SHA-1: bd33c5c69c2fd7e969b82eb6653bf72adb209992 SHA-256: 165e714b89dc764af2be2eb852c2f816250dbe052862bf1e7ad8c1db7e754ee0
22 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 2

  • Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URI
    PDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://t.co/dL72duPtgv In PDF document text

Extracted artifacts 4

Files carved from inside the sample during analysis.

FilenameKindSourceSize
icc_00_off000000c5.icc pdf-icc-profile PDF ICC profile at offset 0xC5 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_00_sfnt_off00054bfc.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x54BFC 143648 bytes
SHA-256: 07cff730383eca2bf28a854cd2c9232fa593f564d441cfdfb53fdbdedd3dd158
font_01_sfnt_off0005cf35.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x5CF35 47092 bytes
SHA-256: ac7b0ac0b06c0d53f5d6b21d0786a12dfa6324697b2f68a6e5986d6191f87893
font_02_sfnt_off0006097f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x6097F 12104 bytes
SHA-256: 883364879ae20622a8b3200a2459700638e5f0c62bda57e83de43d2f0488aba1