PDF static analysis report

Static analysis result for SHA-256 1ae243722857a5ed…

CLEAN

PDF

910.9 KB Created: 2020-07-03 09:48:02 +02:00 Authoring application: Microsoft® Word 2016 First seen: 2020-09-24
MD5: 19c857358bdb7660073cadda0c592083 SHA-1: ebdf20ce3c3a43eb13cdc0aac92e9e8e430619eb SHA-256: 1ae243722857a5ed904a26f31a8dbbd8c4dff3e07adba81facb800d380fc7ab5
6 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0004

Heuristics 3

  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://www.iif.com/publications/portfolio-flows-tracker In PDF document text
    • http://www.oecd.org/coronavirus/en/PDF link annotation
    • https://www.oecd-ilibrary.org/docserver/0d1d1e2e-en.pdf?expires=1591777386&id=id&accname=ocid84004878&checksum=0E9E1886A7F4926E3FBFE8B436B37B2AIn PDF document text
    • https://www.wto.org/english/news_e/pres20_e/pr855_e.htmIn PDF document text
    • http://www.oecd.org/coronavirus/policy-responses/foreign-direct-investment-flows-in-the-time-of-covid-19-a2fa20c4/In PDF document text
    • https://unctad.org/en/PublicationsLibrary/wir2020_en.pdfIn PDF document text
    • http://www.oecd.org/coronavirus/policy-responses/global-financial-markets-policy-responses-to-covid-19-2d98c7e0/In PDF document text
    • http://www.oecd.org/coronavirus/policy-responses/oecd-investment-policy-responses-to-covid-19-4be0254d/In PDF document text
    • https://www.federalreserve.gov/newsevents/pressreleases/monetary20200315c.htmIn PDF document text
    • https://voxeu.org/article/covid-19-crisis-dollar-and-capital-flowsIn PDF document text
    • http://www.oecd.org/corporate/Corporate-Bond-Markets-in-a-Time-of-Unconventional-Monetary-Policy.htmIn PDF document text
    • https://www.oecd-ilibrary.org/finance-and-investment/the-broad-policy-toolkit-for-financial-stability_9188f06a-enIn PDF document text
    • http://www.oecd.org/investment/OECD-Acquisition-ownership-policies-security-May2020.pdfIn PDF document text
    • https://oecd.github.io/OECD-covid-action-map/In PDF document text
    • https://www.oecd-ilibrary.org/content/paper/5jrp0z9lp1zr-enIn PDF document text
    • https://www.oecd-ilibrary.org/docserver/c0cc3f28-en.pdf?expires=1592314148&id=id&accname=guest&checksum=C57A97D2A67F427CDEF5366CD0FDCBFAIn PDF document text
    • http://www.oecd.org/termsandconditionsIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
    • http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0XIn PDF document text
    • http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0In PDF document text
    • http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0ZIn PDF document text
    • http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0In PDF document text
    • http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0TIn PDF document text
    • http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0In PDF document text
    • http://www.microsoft.com/Typography/0In PDF document text
    • http://www.microsoft.com/typography/ctfontshttp://lucasfonts.comMicrosoftIn PDF document text
    • http://www.microsoft.com/typography/fonts/default.aspxIn PDF document text
    • http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0aIn PDF document text
    • http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0In PDF document text
    • http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^In PDF document text
    • http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0��In PDF document text
    • http://www.microsoft.com/pkiops/docs/primarycps.htm0@In PDF document text
    • http://www.iec.chIn PDF document text
    • http://crl.microsoft.com/pki/crl/products/CSPCA.crl0HIn PDF document text
    • http://www.microsoft.com/pki/certs/CSPCA.crt0In PDF document text
    • http://crl.microsoft.com/pki/crl/products/tspca.crl0HIn PDF document text
    • http://www.microsoft.com/pki/certs/tspca.crt0In PDF document text
    • http://www.microsoft.com/typographyIn PDF document text

Extracted artifacts 8

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_011_off00006aef.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x6AEF 59876 bytes
SHA-256: 020aacbe445dabfdebf13c8fe60094ecc651629d0c6198c6e2b04b6a736aae34
stream_013_off000153e1.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x153E1 321940 bytes
SHA-256: ac1ab3815c5a7ced04aa2cf8049e9e10211feb5f426639434dce09a3cbe2a5c0
stream_039_off0008ec1d.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8EC1D 298204 bytes
SHA-256: f0161e57388adc814b5be22e130ae3e68f91d9328bb49165b6dafdb9447329c6
stream_040_off000a57ee.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0xA57EE 406160 bytes
SHA-256: 0687a4d8678179d4c4f5d6ac8a310d14806df96f97e306164e44b4de00e95a8f
icc_00_off0000608a.icc pdf-icc-profile PDF ICC profile at offset 0x608A 3144 bytes
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
font_00_sfnt_off0007b7c6.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x7B7C6 101856 bytes
SHA-256: a73cf5bf2c8eed8d517b8b45d9bd8b3833776dcc3a91d0096402d1e958382e4c
font_01_sfnt_off00083a86.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x83A86 100264 bytes
SHA-256: eb67016c1838b930661530ced8a458215e967ff0be68667d053423f7e34ccb5e
font_03_sfnt_off000d24cd.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xD24CD 31812 bytes
SHA-256: 86b759468b0e9753bd8611df7c9fd8ed69e9c2b2ee005a72da8b8ded48ef9d9b