PDF static analysis report

Static analysis result for SHA-256 1e0e8d17e318986e…

CLEAN

PDF

1.08 MB Created: 2020-08-07 02:59:54 UTC Authoring application: Notes (via iOS Version 13.6 (Build 17G68) Quartz PDFContext) First seen: 2026-05-13
MD5: d85fb4cd44a971d1b24ffe0b8bd4486e SHA-1: ca4678479206b9b859ec970e1f9d870ef6f3bacd SHA-256: 1e0e8d17e318986e6c0bce017fea4b698a02fe99660128722bb42ab19fd8666c
22 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 2

  • Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.iec.ch In PDF document text

Extracted artifacts 10

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_007_off0000b96d.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0xB96D 1607472 bytes
SHA-256: 6990c0ed8300e9f8087c896697c507560d458c37cb12a6b2928acf90c2c19f0f
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Static shellcode analysis found candidate code region(s). Indicators: heap spray 0x0C
stream_027_off0010d6c8.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x10D6C8 5280 bytes
SHA-256: 61f00dc4f79eabae9a85f53ec09fa269055f29788ebbc44d7ca56e9b71da89ef
icc_00_off00009149.icc pdf-icc-profile PDF ICC profile at offset 0x9149 3144 bytes
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
icc_02_off0000a715.icc pdf-icc-profile PDF ICC profile at offset 0xA715 4456 bytes
SHA-256: ee2f821d16d12ec9e9f2958ac8865f40912d0ce1fb9625a31b594fab942b1caf
font_00_cff_off0010d210.bin pdf-font-stream PDF embedded font (cff) at offset 0x10D210 445 bytes
SHA-256: cd8d0bd190469f87548565ca19906777209bc91c30b14eff70a3b3b2d1bf79a3
font_02_sfnt_off0010e5ca.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x10E5CA 580 bytes
SHA-256: 269467c0af39bee98acea6eccf29649b0825a57c96927842ccc2ea983c816043
font_03_sfnt_off0010ebd8.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x10EBD8 12960 bytes
SHA-256: 515f2648932a70ed03b38cc2f05c8d188bf0922c6bc6f0df9856ad5603807c71
font_04_sfnt_off00110c65.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x110C65 736 bytes
SHA-256: d672c6a3f5d95131d9d94672bd0a49b99095973bd5b47bb408c39268fd1dd565
font_05_sfnt_off001110de.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1110DE 3180 bytes
SHA-256: 97438a98ebd7044e1d5897e4f5b379e17e5e0815d44d450993148f07aff3dfac
font_06_sfnt_off00111b35.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x111B35 5208 bytes
SHA-256: b92408f072920a1eecdc3b8b70c702dede361a22cf9eb35e89d6572fb825e615