PDF static analysis report

Static analysis result for SHA-256 18a3a5b7f749911d…

CLEAN

PDF

161.8 KB Authoring application: Skia/PDF m150 Google Docs Renderer First seen: 2026-05-20
MD5: 166333eecc864487fc0a3e803e436b2b SHA-1: a4d0da6a6f5f6c64751697eff3963ffeac436f1c SHA-256: 18a3a5b7f749911d89ad1b05f7e02f0382ce9f2787d10a7a878383a188db909e
22 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0002

Heuristics 2

  • Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URI
    PDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://t.co/mnOMs1Yl7G In PDF document text
    • https://t.co/dL72duPtgvIn PDF document text
🗂 Part of campaign: cineprime.site 73 samples

Extracted artifacts 5

Files carved from inside the sample during analysis.

FilenameKindSourceSize
icc_00_off000000c1.icc pdf-icc-profile PDF ICC profile at offset 0xC1 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_00_sfnt_off0001ce17.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1CE17 48692 bytes
SHA-256: 895f55e91e6642b3bce43ec9ea2cb9b3b37cbd4fb3cce73f312ea9a021ff2cea
font_01_sfnt_off00023eea.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x23EEA 47772 bytes
SHA-256: affcec55ed1c05054c8735b1b28b449cce341f5c83604bdc853e1e01deb30897
font_02_sfnt_off00024cbe.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x24CBE 15044 bytes
SHA-256: a42b6cfdfe8dc8bfc29142c44bdac944e45457cf184a26ab95aa8856337912b2
font_03_sfnt_off00026bf5.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x26BF5 182388 bytes
SHA-256: e04311bd1333413d0b4d4d7e974a6c79cd2d35c0c769b057a005106956f0fa6e