Verdict: CLEAN
Risk Score: 14
Machine Learning
- Nyx PDF Classifier: clean, score 0.0035
Heuristics 4
- AcroForm button with action trigger (severity: low, rule: PDF_ACROFORM_BUTTON): PDF contains a /Btn form field together with a SubmitForm/URI/Launch/JS trigger — this is the building block of fake 'Download' or 'Open' button overlays used in PDF phishing lures.
- External URI (severity: info, rule: PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://www.biodiversiteit.nl/evenementen/workshop-biodiversiteits-actieplan-kaart (PDF link annotation)
  - http://www.xs4all.nl/~beekterf/BioDivers/BAPL.html (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_005_off0001b458.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1B458 | 34320 bytes | a7c9d91da0cd817173fd208272e4196c873694ca05d3830d1511f01299db91dc |
| font_00_sfnt_off00016b57.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16B57 | 27500 bytes | b95aa72ea244294a58f791ebf05120d4770fb25080f44ed3143e9e47303d085c |
| font_02_sfnt_off0007dfa7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7DFA7 | 13168 bytes | 8a5c6b73aff101f2e3ddf69a5b7688e2d2717647ce647d01d671e49d2bc65b41 |
| font_03_sfnt_off0007fbe0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FBE0 | 32200 bytes | 9ae8c65239ef24769ca17e31514cae9c262bd356da5ccb860375eefdacbb5ea4 |
| font_04_sfnt_off00084e6a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x84E6A | 12828 bytes | ebb5fa68a0739663d95f06df5cbf343ace086cbf2f8c5e0ba3305c6a56acab63 |
| font_05_sfnt_off00086bda.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x86BDA | 24620 bytes | b291b7eded7e856a6db4d46291a78fcb71aac7636aeb6d380feda58a2f2434f0 |