PDF static analysis report

Static analysis result for SHA-256 1ff2d0d6f4224d4e…

CLEAN

PDF

557.9 KB Created: 2010-06-12 02:13:51 +02:00 Authoring application: Writer (via OpenOffice.org 3.1) First seen: 2026-05-11
MD5: ce501d78a1975d5cf6a1da50c101b763 SHA-1: 5e22536a4424ee44a53c749101856da2cd6b3abd SHA-256: 1ff2d0d6f4224d4e23f772fa358653720e7bcf5faa94b769dc2df01357bbadca
14 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0035

Heuristics 4

  • AcroForm button with action trigger low PDF_ACROFORM_BUTTON
    PDF contains a /Btn form field together with a SubmitForm/URI/Launch/JS trigger — this is the building block of fake 'Download' or 'Open' button overlays used in PDF phishing lures
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.biodiversiteit.nl/evenementen/workshop-biodiversiteits-actieplan-kaart PDF link annotation
    • http://www.xs4all.nl/~beekterf/BioDivers/BAPL.htmlIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text

Extracted artifacts 6

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_005_off0001b458.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1B458 34320 bytes
SHA-256: a7c9d91da0cd817173fd208272e4196c873694ca05d3830d1511f01299db91dc
font_00_sfnt_off00016b57.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x16B57 27500 bytes
SHA-256: b95aa72ea244294a58f791ebf05120d4770fb25080f44ed3143e9e47303d085c
font_02_sfnt_off0007dfa7.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x7DFA7 13168 bytes
SHA-256: 8a5c6b73aff101f2e3ddf69a5b7688e2d2717647ce647d01d671e49d2bc65b41
font_03_sfnt_off0007fbe0.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x7FBE0 32200 bytes
SHA-256: 9ae8c65239ef24769ca17e31514cae9c262bd356da5ccb860375eefdacbb5ea4
font_04_sfnt_off00084e6a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x84E6A 12828 bytes
SHA-256: ebb5fa68a0739663d95f06df5cbf343ace086cbf2f8c5e0ba3305c6a56acab63
font_05_sfnt_off00086bda.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x86BDA 24620 bytes
SHA-256: b291b7eded7e856a6db4d46291a78fcb71aac7636aeb6d380feda58a2f2434f0