PDF static analysis report

Static analysis result for SHA-256 29f47f68932c9a6a…

CLEAN

PDF

195.9 KB Created: 2026-04-22 06:34:00 +00:00 Authoring application: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/144.0.0.0 Safari/537.36 (via Skia/PDF m144) First seen: 2026-05-10
MD5: 79a864ba48c14ee804caa537463a7566 SHA-1: 31dce269d7c2fc87ae3e9af2d9c91fcea4fadc25 SHA-256: 29f47f68932c9a6a73610a4bb488c048f69883d80e9ad9f3a7c3f733472180ba
24 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 3

  • Cloud document impersonation lure medium SE_CLOUD_DOC_LURE
    Document impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://secure-web.cisco.com/1Kf65trtwukO12AvwyT8Sewt5fOwJQuBXMJ8Ofnz_UKi046O2-9pzaUHwORKswsum51PMXyZ2Ypj8GqGqUZSZpVmEtne5zqC4gvFk08iyDdyZ6w3sjGWVn58xAJXdg1xP2gCMrnvx6NtjSuj-48pwO7UhqOqDs4FXcTn4mHgNmse2Fw7Smr8L3mDFpK8xdO0-3VGN0QtcDwVU590ESC5kC9G1jiWsTL6OEbaByyb8nwZNCphuqBld64j_6yChUjo0OtNAAs44vkqodbNTTwOfTe8gEQPWg0DcanymKkQOlWO_TRyoTGmFXmTzwDW_RkNGP6uRD2Nkouiv3jqcKF6sKqHM68Cpt54-CBDDW8jT3lOV-p5dO1-QWqR0p46c_6dAyWnAcbvn8YYUJyvIDObHDqBRHJCAKUMPFzZeS2oWIN4/https%3A%2F%2Fbeautymedicalthailand.com%2Fwp-includes%2Ftheme-compat%2Fzhxmepn%2Famgnwyv%2F1sjxiwz%2Fcss%2Fov0654490%2Fserver06%2Fwpserver%2F#YWJoaXNoZWsuamFpbkBtYWhpbmRyYS5jb20= In PDF document text
    • https://secure-web.cisco.com/1Kf65trtwukO12AvwyT8Sewt5fOwJQuBXMJ8Ofnz_UKi046O2-9pzaUHwORKswsum51PMXyZ2Ypj8GqGqUZSZpVmEtne5zqC4gvFk08iyDdyZ6w3sjGWVn58xAJXdg1xP2gCMrnvx6NtjSuj-48pwO7UhqOqDs4FXcTn4mHgNmse2Fw7Smr8L3mDFpK8xdO0-3VGN0QtcDwVU590ESC5kC9G1jiWsTL6OEbaByyb8nwZNCphuqBld64j_6yChUjo0OtNAAs44vkqodbNTTwOfTe8gEQPWg0DcanymKkQOlWO_TRyoTGmFXmTzwDW_RkNGP6uRD2Nkouiv3jqcKF6sKqHM68Cpt54-CBDDW8jT3lOV-p5dO1-QWqR0p46c_6dAyWnAcbvn8YYUJyvIDObHDqBRHJCAKUMPFzZeS2oWIN4/https%3A%2F%2Fbeautymedicalthailand.com%2FPDF link annotation

Extracted artifacts 7

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_002_off00009d94.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x9D94 315074 bytes
SHA-256: 247ce851d008abb71a4d42b4099f25ac8eb1c9d97e79bf6fdcf8425045de2281
icc_00_off00000181.icc pdf-icc-profile PDF ICC profile at offset 0x181 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_00_sfnt_off00022c37.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x22C37 13812 bytes
SHA-256: dca97cdd982f7b11e49fcdebcfb90e5c919d8f9d12a8fcc4ee1390ba98a67516
font_01_sfnt_off00024130.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x24130 26752 bytes
SHA-256: 3b0c306d3be928407753856f9c1ca0972d82b4bf670d88de16c2a642973cca42
font_02_sfnt_off00028027.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x28027 17172 bytes
SHA-256: 8cf084ed2dc631d844810724af48048f5a59d26db6d09d5225546a3112ec4725
font_03_sfnt_off0002a6b5.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2A6B5 20516 bytes
SHA-256: 1eff4abfe1f5b340b8105898199efc19f68ac54acc5554db359ba5aab61e4e53
font_04_sfnt_off0002d75f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2D75F 19992 bytes
SHA-256: 2a575f04b8f6b2e7eeee77794dde01f1bd6bd08a5a8e3aca8a59cff89ee48bdb