PDF static analysis report

Static analysis result for SHA-256 1f82f283dac9d2fa…

CLEAN

PDF

1.39 MB
Created: (unreadable)
Authoring application: (unreadable)
First seen: 2026-05-09
MD5: cc3a83743bd52c7c1e2773d09b489f0b
SHA-1: adb381ccf8be84af3d3aff41fe7373ea35238add
SHA-256: 1f82f283dac9d2fa17f8fdeb608edef95d031580d41b81c1e290411652842928
Risk Score: 8

Malware Insights

MITRE ATT&CK
T1553.004 Subvert Trust Controls: Mark-of-the-Web Bypass

The PDF file is encrypted and contains only images, with no readable text, suggesting a lure to bypass user scrutiny. The presence of multiple JBIG2 compressed streams is a strong indicator of malicious intent, as this technique is frequently used to embed malicious code or obfuscate harmful content within PDF documents. The lack of document body text and the use of image-only content further support this, as it prevents direct analysis of the document's purpose.

Machine Learning

  • Nyx PDF Classifier clean score 0.0003

Heuristics 4

  • JBIG2Decode filter info PDF_JBIG2
    JBIG2 image decoder present — historically used in zero-click exploits
  • Encrypted PDF (string and stream contents are opaque to static scan) info PDF_ENCRYPTED
    PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL
    • http://www.lib.kobe-u.ac.jp/handle_kernel/90000991 In PDF document text
    • http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlUse In PDF document text
    • http://www.ascendercorp.com/liberation.html In PDF document text

Extracted artifacts 32

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
jbig2_00_off0000201c.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x201C 5027 bytes
SHA-256: 31386f55f61126ece42fdb73279cd566eda4e336d80df10088c56bf887832d82
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.
jbig2_01_off00004410.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x4410 49844 bytes
SHA-256: 2a03173e405bad5df8eb0b866ac3c8a321d51f4b3aa96f1354d567a42620c285
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_02_off00011acd.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x11ACD 62299 bytes
SHA-256: 506273d709a569b52c555fafe776786de41ab84c58c02da5289a25bd809153c4
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_03_off000221f8.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x221F8 54832 bytes
SHA-256: 1de999ab02af70d45734c5f57ac82b4274b90878d642eae99ea78becb12ba21b
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_04_off00030765.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x30765 43804 bytes
SHA-256: 5eed383bdaef28e0973c8c5d52b4f92512c5ef5db195a7c27896c3e0882d3ecf
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_05_off00069e03.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x69E03 67050 bytes
SHA-256: e863bba35fa8251f616d5d9a39339c9aaad2bfa8b4f7f81e53716376561a9c68
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_06_off0007b3c4.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x7B3C4 46112 bytes
SHA-256: 5795d2b2c878a40961a828f94193b2854d1f9193958d961d4855d5ad92c88771
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_07_off0008780e.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x8780E 47425 bytes
SHA-256: af987b0b5aaf8731fe4830d7f6d2919fd5e8851f1ad66f54f6c60a0c8b7c0183
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_08_off00094421.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x94421 70720 bytes
SHA-256: 1f48091e3fd367f9520f32e457a8ad39439c28bce9c47bf46bf587e7c14d5fef
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_09_off000a6d02.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xA6D02 67887 bytes
SHA-256: 18f5ec9bd80906a770680540b1a5e45074a9f3055e14703957822a7672d2f9b8
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_10_off000b8b95.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xB8B95 53761 bytes
SHA-256: c6f1ee0ade7918c44c70c54b4fd6eac6720e56515239d014d6a2adc1dfc153c9
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_11_off000c7cd4.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xC7CD4 84651 bytes
SHA-256: e61fd6b6f1ec9b1d5318f51414ef81b90e911291b9e4be1308d0da22067786e3
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_12_off000de23f.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xDE23F 64918 bytes
SHA-256: 4939476f31e4fc59eb8ad17881ad1c13a3f42297f21a675239d05aa7203bf873
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_13_off000ee65f.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xEE65F 11101 bytes
SHA-256: d2d24200509b66d81b689043f8337b7a1ed060639d85f251c4051c429764c0ee
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.98, consistent with packed or encrypted content.
jbig2_14_off000f2af0.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xF2AF0 63176 bytes
SHA-256: d20811c29f3be2712a571182875f8e97611c9d90f08bff85a0ecc1393c84a2d4
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
font_00_cff_off0015eb51.bin pdf-font-stream PDF embedded font (cff) at offset 0x15EB51 270 bytes
SHA-256: 0cb83a68aab073d530fd23ddd2c5f396efc99710e3e1d29a989ddc7efabbe84b
font_01_sfnt_off0015ec9a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x15EC9A 4620 bytes
SHA-256: e33418f81c9502c08d6b7f550b8d30c31921f818c9afe292c033cc4e1e5c252d
jbig2_00_off000602ce.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x602CE 5027 bytes
SHA-256: 48b923e460494a05fba6293d775a9df2d2f0f861d02c82f6526b0d22996da9f4
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.96, consistent with packed or encrypted content.
jbig2_01_off00061be3.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x61BE3 49844 bytes
SHA-256: f2f63b430bb8550df3c9565d4102707ddf99eaa2da5bd14860bbc13a5bcf4ab0
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_02_off0006efed.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x6EFED 62299 bytes
SHA-256: 5439911ad05f0c597ed6eb057a6768bb1557ffbfe3ff632b6871e82a1ffaaa51
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_03_off0007f852.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x7F852 54832 bytes
SHA-256: a46e0f582343335afacc38b1576e1dca8e443cc965188091aa49f0283db033c6
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_04_off0008e357.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x8E357 43804 bytes
SHA-256: 40174d8d539bf100d7ee1abb72449aee547e9d5fe4a731d0ab55a91c7089a6e0
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_05_off000c7980.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xC7980 67050 bytes
SHA-256: 1a1f7f2093edf48e908bab23672058c2ebfbc46167f83cab179f46c2274b8399
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_06_off000d921f.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xD921F 46112 bytes
SHA-256: 632aed20639f07d190a2eab2ef9b5839120ac800ae0edc9c2eb2bc5f9c5358e2
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_07_off000e5715.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xE5715 47425 bytes
SHA-256: cb4d25a5a3190f2ca4bd304c4dd45fceddd59f8285e8344cb72bda11af870168
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_08_off000f2185.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0xF2185 70720 bytes
SHA-256: 9b797f46d6448e0087094ad6468cf1424d29189f2437b707eefb4cab3ec5a790
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_09_off0010499c.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x10499C 67887 bytes
SHA-256: 3a1413e386c3fcc65fba81286cb7521bbdaac2fe81857ed5ac0f9e9cd573023f
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_10_off00116873.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x116873 53761 bytes
SHA-256: 07c164be954aa1c8ff482abbd02048baa118f465632a8c0b28b12fdd7268b188
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_11_off001250e4.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x1250E4 84651 bytes
SHA-256: 3740f257c0a661fb8df835e9efe9340ab82b72471ba17a5c291fb91643372515
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_12_off0013bbdb.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x13BBDB 64918 bytes
SHA-256: 30c4c53d1d5ae79a5d8b00fc62c10c137c466cc95c5311aefd51c83735865ac2
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
jbig2_13_off0014d539.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x14D539 11101 bytes
SHA-256: bce042bbcd5c43ac4955544d2ebe5e7eac2b15c8ec33345c9c9e27eeddd2d1ac
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.99, consistent with packed or encrypted content.
jbig2_14_off0015142e.bin pdf-jbig2-stream PDF JBIG2 stream at offset 0x15142E 63176 bytes
SHA-256: 5b09a794526927132553e8688abbd6610318a15f35c9131d0c97be83416585f6
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.