PDF static analysis report

Static analysis result for SHA-256 1b689e3760fdf0b0…

CLEAN

PDF

6.25 MB First seen: 2014-11-01
MD5: 6e0bbe855cd5beeb22a8f498b2c8d3e8 SHA-1: 60e72ab66839f148001b421d7bc9b26ceaaa26fa SHA-256: 1b689e3760fdf0b03d40fc8c02ef965fac6e92842efbc56846444b226e6bf4ca
Risk Score: 24

Machine Learning

  • Nyx PDF Classifier clean score 0.0061

Heuristics 3

  • Unusually high stream count medium PDF_MANY_STREAMS
    PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 20

Files carved from inside the sample during analysis.

Filename Kind Source Size
font_00_cff_off00002b6c.bin pdf-font-stream PDF embedded font (cff) at offset 0x2B6C 3008 bytes
SHA-256: f8b0dd1198370157d554abc822c911b9f6b57e26778e8d00bbea240acbc519b9
font_01_cff_off00013dea.bin pdf-font-stream PDF embedded font (cff) at offset 0x13DEA 3746 bytes
SHA-256: 8ad2129c6ea59e4645b5fadf799527c629773f8b742a8c71be9e6717d0df2ca5
font_02_cff_off0002acd8.bin pdf-font-stream PDF embedded font (cff) at offset 0x2ACD8 218 bytes
SHA-256: 9082f054232d01659dc2f4a28e017158fbc1982179f1e38f71d16766e1d43bd2
font_03_cff_off0002af3f.bin pdf-font-stream PDF embedded font (cff) at offset 0x2AF3F 1607 bytes
SHA-256: 6990339ff2d7ae5d3fddc7d38e32d1a447c809ed562ee8cf969fa5d92908c437
font_04_cff_off00038a5f.bin pdf-font-stream PDF embedded font (cff) at offset 0x38A5F 3233 bytes
SHA-256: ef6d08b694b7ac65c2c727d3553f3620c6bfee2ef676a2a1252b10556a00c79a
font_05_cff_off00039848.bin pdf-font-stream PDF embedded font (cff) at offset 0x39848 2222 bytes
SHA-256: 99ab6f39e704c13f14685eaf34e2a4b48907a9e9a47afebd933759216758efa1
font_06_cff_off0003a216.bin pdf-font-stream PDF embedded font (cff) at offset 0x3A216 4113 bytes
SHA-256: f77cc9debc55fc6650ef654cfbae2cee132c2d5db3285be096a7598027ef34b7
font_07_cff_off0003b2c6.bin pdf-font-stream PDF embedded font (cff) at offset 0x3B2C6 1785 bytes
SHA-256: 39a91af46a77d62d71988e1ac27d1d6e59b6d15f84f615459b6f4960d4e4661b
font_08_cff_off0003bb8f.bin pdf-font-stream PDF embedded font (cff) at offset 0x3BB8F 297 bytes
SHA-256: 82e436141a63245033f28b66bbb59a70bca1f95881460ec5b092b2284bb987c1
font_09_cff_off0003be1e.bin pdf-font-stream PDF embedded font (cff) at offset 0x3BE1E 6657 bytes
SHA-256: 41d6593b2eaa3f129f6439a04661c2930d3d57dc1d465320e485febb0d2203e3
font_10_cff_off0013d45c.bin pdf-font-stream PDF embedded font (cff) at offset 0x13D45C 282 bytes
SHA-256: ce71a05d5c664ef1ad1bbc404783fcad7fb25d39775b0648f0711d18d6d95365
font_11_cff_off004ca4fb.bin pdf-font-stream PDF embedded font (cff) at offset 0x4CA4FB 3194 bytes
SHA-256: 10a62d2706976597eadcd5e57ef0b09239107b7ba66e796308875a028b8d8376
font_12_cff_off004e1177.bin pdf-font-stream PDF embedded font (cff) at offset 0x4E1177 64316 bytes
SHA-256: 6a7557723d69cfe9c89211c35eaaa8728bd7d19ba7e96a5867936cfe2a2f0c6e
font_13_cff_off004ed4e0.bin pdf-font-stream PDF embedded font (cff) at offset 0x4ED4E0 14132 bytes
SHA-256: 138cb8c3c163c7cf4e7e903ad4e3fc3c5bdbb3b48333c5bb70fcde4d99c56dc5
font_14_cff_off004f0f6c.bin pdf-font-stream PDF embedded font (cff) at offset 0x4F0F6C 155809 bytes
SHA-256: 5d8d6b7f685abc66b27d15d7f8d197b0c880614b47d33f0d20a2803a7d86c5e2
font_15_cff_off005184ea.bin pdf-font-stream PDF embedded font (cff) at offset 0x5184EA 2311 bytes
SHA-256: 963376073b176c225587312121a6f2ab01d0e1e3ae8ff2ca4b1d245b1f2261da
font_16_cff_off00518fc2.bin pdf-font-stream PDF embedded font (cff) at offset 0x518FC2 8397 bytes
SHA-256: 2f59269932eea75e5ff878606bfe129c0b6cc1257be8f661812b6eb5a04acd05
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.46, consistent with packed or encrypted content.
font_17_cff_off0051b10a.bin pdf-font-stream PDF embedded font (cff) at offset 0x51B10A 5732 bytes
SHA-256: db92ce9a80a760dc4a430141fdd3be965b86d0339e8899dc324e956a67252555
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.40, consistent with packed or encrypted content.
font_18_cff_off0052046a.bin pdf-font-stream PDF embedded font (cff) at offset 0x52046A 28572 bytes
SHA-256: f817953d2be9efd0eb75881778e025809b064826ee005f7bea120c8a9e6003a4
font_19_cff_off00525324.bin pdf-font-stream PDF embedded font (cff) at offset 0x525324 22258 bytes
SHA-256: bbbe56dd78b3a0d8fa3d62b2791d9b57f9b93633e9e13af9db32df0132887fdc