CLEAN
22
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
-
Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.iec.ch In PDF document text
Extracted artifacts 10
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_007_off0000b96d.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xB96D | 1607472 bytes |
SHA-256: 6990c0ed8300e9f8087c896697c507560d458c37cb12a6b2928acf90c2c19f0f |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Static shellcode analysis found candidate code region(s). Indicators: heap spray 0x0C
|
|||
stream_027_off0010d6c8.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x10D6C8 | 5280 bytes |
SHA-256: 61f00dc4f79eabae9a85f53ec09fa269055f29788ebbc44d7ca56e9b71da89ef |
|||
icc_00_off00009149.icc |
pdf-icc-profile | PDF ICC profile at offset 0x9149 | 3144 bytes |
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e |
|||
icc_02_off0000a715.icc |
pdf-icc-profile | PDF ICC profile at offset 0xA715 | 4456 bytes |
SHA-256: ee2f821d16d12ec9e9f2958ac8865f40912d0ce1fb9625a31b594fab942b1caf |
|||
font_00_cff_off0010d210.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x10D210 | 445 bytes |
SHA-256: cd8d0bd190469f87548565ca19906777209bc91c30b14eff70a3b3b2d1bf79a3 |
|||
font_02_sfnt_off0010e5ca.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10E5CA | 580 bytes |
SHA-256: 269467c0af39bee98acea6eccf29649b0825a57c96927842ccc2ea983c816043 |
|||
font_03_sfnt_off0010ebd8.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10EBD8 | 12960 bytes |
SHA-256: 515f2648932a70ed03b38cc2f05c8d188bf0922c6bc6f0df9856ad5603807c71 |
|||
font_04_sfnt_off00110c65.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x110C65 | 736 bytes |
SHA-256: d672c6a3f5d95131d9d94672bd0a49b99095973bd5b47bb408c39268fd1dd565 |
|||
font_05_sfnt_off001110de.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1110DE | 3180 bytes |
SHA-256: 97438a98ebd7044e1d5897e4f5b379e17e5e0815d44d450993148f07aff3dfac |
|||
font_06_sfnt_off00111b35.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x111B35 | 5208 bytes |
SHA-256: b92408f072920a1eecdc3b8b70c702dede361a22cf9eb35e89d6572fb825e615 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.