CLEAN
Risk Score: 8
Malware Insights
MITRE ATT&CK
T1553.004 Subvert Trust Controls: Mark-of-the-Web Bypass
The PDF file is encrypted and contains only images, with no readable text, suggesting a lure to bypass user scrutiny. The presence of multiple JBIG2 compressed streams is a strong indicator of malicious intent, as this technique is frequently used to embed malicious code or obfuscate harmful content within PDF documents. The lack of document body text and the use of image-only content further support this, as it prevents direct analysis of the document's purpose.
Machine Learning
- Nyx PDF Classifier clean score 0.0003
Heuristics 4
- JBIG2Decode filter [info, PDF_JBIG2]: JBIG2 image decoder present — historically used in zero-click exploits
- Encrypted PDF (string and stream contents are opaque to static scan) [info, PDF_ENCRYPTED]: PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
- Suspicious extracted artifact [info, EXTRACTED_FILE_STATIC_TRIAGE]: One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://www.lib.kobe-u.ac.jp/handle_kernel/90000991 (In PDF document text)
  - http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlUse (In PDF document text)
  - http://www.ascendercorp.com/liberation.html (In PDF document text)
Extracted artifacts 32
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 | ClamAV | Obfuscation or payload | Carved artifact entropy |
|---|---|---|---|---|---|---|---|
| jbig2_00_off0000201c.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x201C | 5027 bytes | 31386f55f61126ece42fdb73279cd566eda4e336d80df10088c56bf887832d82 | No threats found | likely | 7.95 |
| jbig2_01_off00004410.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x4410 | 49844 bytes | 2a03173e405bad5df8eb0b866ac3c8a321d51f4b3aa96f1354d567a42620c285 | No threats found | likely | 8.00 |
| jbig2_02_off00011acd.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x11ACD | 62299 bytes | 506273d709a569b52c555fafe776786de41ab84c58c02da5289a25bd809153c4 | No threats found | likely | 8.00 |
| jbig2_03_off000221f8.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x221F8 | 54832 bytes | 1de999ab02af70d45734c5f57ac82b4274b90878d642eae99ea78becb12ba21b | No threats found | likely | 8.00 |
| jbig2_04_off00030765.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x30765 | 43804 bytes | 5eed383bdaef28e0973c8c5d52b4f92512c5ef5db195a7c27896c3e0882d3ecf | No threats found | likely | 8.00 |
| jbig2_05_off00069e03.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x69E03 | 67050 bytes | e863bba35fa8251f616d5d9a39339c9aaad2bfa8b4f7f81e53716376561a9c68 | No threats found | likely | 8.00 |
| jbig2_06_off0007b3c4.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x7B3C4 | 46112 bytes | 5795d2b2c878a40961a828f94193b2854d1f9193958d961d4855d5ad92c88771 | No threats found | likely | 8.00 |
| jbig2_07_off0008780e.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x8780E | 47425 bytes | af987b0b5aaf8731fe4830d7f6d2919fd5e8851f1ad66f54f6c60a0c8b7c0183 | No threats found | likely | 8.00 |
| jbig2_08_off00094421.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x94421 | 70720 bytes | 1f48091e3fd367f9520f32e457a8ad39439c28bce9c47bf46bf587e7c14d5fef | No threats found | likely | 8.00 |
| jbig2_09_off000a6d02.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xA6D02 | 67887 bytes | 18f5ec9bd80906a770680540b1a5e45074a9f3055e14703957822a7672d2f9b8 | No threats found | likely | 8.00 |
| jbig2_10_off000b8b95.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xB8B95 | 53761 bytes | c6f1ee0ade7918c44c70c54b4fd6eac6720e56515239d014d6a2adc1dfc153c9 | No threats found | likely | 8.00 |
| jbig2_11_off000c7cd4.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xC7CD4 | 84651 bytes | e61fd6b6f1ec9b1d5318f51414ef81b90e911291b9e4be1308d0da22067786e3 | No threats found | likely | 8.00 |
| jbig2_12_off000de23f.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xDE23F | 64918 bytes | 4939476f31e4fc59eb8ad17881ad1c13a3f42297f21a675239d05aa7203bf873 | No threats found | likely | 8.00 |
| jbig2_13_off000ee65f.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xEE65F | 11101 bytes | d2d24200509b66d81b689043f8337b7a1ed060639d85f251c4051c429764c0ee | No threats found | likely | 7.98 |
| jbig2_14_off000f2af0.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xF2AF0 | 63176 bytes | d20811c29f3be2712a571182875f8e97611c9d90f08bff85a0ecc1393c84a2d4 | No threats found | likely | 8.00 |
| font_00_cff_off0015eb51.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x15EB51 | 270 bytes | 0cb83a68aab073d530fd23ddd2c5f396efc99710e3e1d29a989ddc7efabbe84b | | | |
| font_01_sfnt_off0015ec9a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15EC9A | 4620 bytes | e33418f81c9502c08d6b7f550b8d30c31921f818c9afe292c033cc4e1e5c252d | | | |
| jbig2_00_off000602ce.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x602CE | 5027 bytes | 48b923e460494a05fba6293d775a9df2d2f0f861d02c82f6526b0d22996da9f4 | No threats found | likely | 7.96 |
| jbig2_01_off00061be3.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x61BE3 | 49844 bytes | f2f63b430bb8550df3c9565d4102707ddf99eaa2da5bd14860bbc13a5bcf4ab0 | No threats found | likely | 8.00 |
| jbig2_02_off0006efed.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x6EFED | 62299 bytes | 5439911ad05f0c597ed6eb057a6768bb1557ffbfe3ff632b6871e82a1ffaaa51 | No threats found | likely | 8.00 |
| jbig2_03_off0007f852.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x7F852 | 54832 bytes | a46e0f582343335afacc38b1576e1dca8e443cc965188091aa49f0283db033c6 | No threats found | likely | 8.00 |
| jbig2_04_off0008e357.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x8E357 | 43804 bytes | 40174d8d539bf100d7ee1abb72449aee547e9d5fe4a731d0ab55a91c7089a6e0 | No threats found | likely | 8.00 |
| jbig2_05_off000c7980.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xC7980 | 67050 bytes | 1a1f7f2093edf48e908bab23672058c2ebfbc46167f83cab179f46c2274b8399 | No threats found | likely | 8.00 |
| jbig2_06_off000d921f.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xD921F | 46112 bytes | 632aed20639f07d190a2eab2ef9b5839120ac800ae0edc9c2eb2bc5f9c5358e2 | No threats found | likely | 8.00 |
| jbig2_07_off000e5715.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xE5715 | 47425 bytes | cb4d25a5a3190f2ca4bd304c4dd45fceddd59f8285e8344cb72bda11af870168 | No threats found | likely | 8.00 |
| jbig2_08_off000f2185.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xF2185 | 70720 bytes | 9b797f46d6448e0087094ad6468cf1424d29189f2437b707eefb4cab3ec5a790 | No threats found | likely | 8.00 |
| jbig2_09_off0010499c.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x10499C | 67887 bytes | 3a1413e386c3fcc65fba81286cb7521bbdaac2fe81857ed5ac0f9e9cd573023f | No threats found | likely | 8.00 |
| jbig2_10_off00116873.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x116873 | 53761 bytes | 07c164be954aa1c8ff482abbd02048baa118f465632a8c0b28b12fdd7268b188 | No threats found | likely | 8.00 |
| jbig2_11_off001250e4.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x1250E4 | 84651 bytes | 3740f257c0a661fb8df835e9efe9340ab82b72471ba17a5c291fb91643372515 | No threats found | likely | 8.00 |
| jbig2_12_off0013bbdb.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x13BBDB | 64918 bytes | 30c4c53d1d5ae79a5d8b00fc62c10c137c466cc95c5311aefd51c83735865ac2 | No threats found | likely | 8.00 |
| jbig2_13_off0014d539.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x14D539 | 11101 bytes | bce042bbcd5c43ac4955544d2ebe5e7eac2b15c8ec33345c9c9e27eeddd2d1ac | No threats found | likely | 7.99 |
| jbig2_14_off0015142e.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x15142E | 63176 bytes | 5b09a794526927132553e8688abbd6610318a15f35c9131d0c97be83416585f6 | No threats found | likely | 8.00 |

For each JBIG2 stream listed, the report states that the carved artifact entropy is consistent with packed or encrypted content.