PDF static analysis report

Static analysis result for SHA-256 20afa15e45768e87…

CLEAN

PDF

131.2 KB Created: 2020-06-24 13:28:41 +02:00 Authoring application: Microsoft® Word for Office 365 First seen: 2020-09-24
MD5: ae71938c38ddbe01f4be231dcbccf752 SHA-1: 92a354d72e2651692d25524085a0da9452bc7f6f SHA-256: 20afa15e45768e87961d91bad3632b34a3ae0fd5fd081e0304c1986c2da51feb
12 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0005

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://www2.informationmapping.com/l/8622/2020-06-22/8k69f8 PDF link annotation
    • https://www2.informationmapping.com/l/8622/2020-06-22/8k69fjIn PDF document text
    • https://www2.informationmapping.com/l/8622/2020-06-22/8k69fqIn PDF document text
    • https://www2.informationmapping.com/l/8622/2020-06-22/8k69fzIn PDF document text
    • https://www2.informationmapping.com/l/8622/2020-06-22/8k69l6In PDF document text
    • https://www2.informationmapping.com/l/8622/2020-06-22/8k6cbbIn PDF document text
    • https://www2.informationmapping.com/l/8622/2020-06-23/8k88b2In PDF document text
    • https://www2.informationmapping.com/l/8622/2020-06-23/8k88rzIn PDF document text
    • https://www2.informationmapping.com/l/8622/2020-06-23/8k88tbIn PDF document text
    • https://www.informationmapping.com/training-roadshow/event.php?id=599In PDF document text
    • https://www.informationmapping.com/training-roadshow/event.php?id=608In PDF document text
    • https://www.informationmapping.com/training-roadshow/event.php?id=605In PDF document text
    • https://www.informationmapping.com/training-roadshow/event.php?id=596In PDF document text
    • https://www.informationmapping.com/training-roadshow/event.php?id=598In PDF document text
    • https://www.informationmapping.com/training-roadshow/event.php?id=591In PDF document text
    • https://www.informationmapping.com/en/In PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • https://docs.microsoft.com/typography/abouthttp://lucasfonts.comMicrosoftIn PDF document text
    • http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
    • http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0XIn PDF document text
    • http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0In PDF document text
    • http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0aIn PDF document text
    • http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0In PDF document text
    • http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0TIn PDF document text
    • http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0In PDF document text
    • http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^In PDF document text
    • http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0��In PDF document text
    • http://www.microsoft.com/pkiops/docs/primarycps.htm0@In PDF document text
    • http://www.microsoft.com/TypographyIn PDF document text

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00005b41.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x5B41 100856 bytes
SHA-256: 2b9c10d72c26f6efa768b230e7f19914919521d8f14c8eb35e18edf7b1e3d006
stream_006_off00011ff5.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x11FF5 120256 bytes
SHA-256: 1ff278e75027ee3ffd8d42714ab4fa5ddf954f73a238dbdd33a5005400e2addb