CLEAN
24
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 3
-
Cloud document impersonation lure medium SE_CLOUD_DOC_LUREDocument impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://secure-web.cisco.com/1Kf65trtwukO12AvwyT8Sewt5fOwJQuBXMJ8Ofnz_UKi046O2-9pzaUHwORKswsum51PMXyZ2Ypj8GqGqUZSZpVmEtne5zqC4gvFk08iyDdyZ6w3sjGWVn58xAJXdg1xP2gCMrnvx6NtjSuj-48pwO7UhqOqDs4FXcTn4mHgNmse2Fw7Smr8L3mDFpK8xdO0-3VGN0QtcDwVU590ESC5kC9G1jiWsTL6OEbaByyb8nwZNCphuqBld64j_6yChUjo0OtNAAs44vkqodbNTTwOfTe8gEQPWg0DcanymKkQOlWO_TRyoTGmFXmTzwDW_RkNGP6uRD2Nkouiv3jqcKF6sKqHM68Cpt54-CBDDW8jT3lOV-p5dO1-QWqR0p46c_6dAyWnAcbvn8YYUJyvIDObHDqBRHJCAKUMPFzZeS2oWIN4/https%3A%2F%2Fbeautymedicalthailand.com%2Fwp-includes%2Ftheme-compat%2Fzhxmepn%2Famgnwyv%2F1sjxiwz%2Fcss%2Fov0654490%2Fserver06%2Fwpserver%2F#amF5YW50Lmtlc2FyYWxpa2FyQG1haGluZHJhLmNvbQ== In document body
- https://secure-web.cisco.com/1Kf65trtwukO12AvwyT8Sewt5fOwJQuBXMJ8Ofnz_UKi046O2-9pzaUHwORKswsum51PMXyZ2Ypj8GqGqUZSZpVmEtne5zqC4gvFk08iyDdyZ6w3sjGWVn58xAJXdg1xP2gCMrnvx6NtjSuj-48pwO7UhqOqDs4FXcTn4mHgNmse2Fw7Smr8L3mDFpK8xdO0-3VGN0QtcDwVU590ESC5kC9G1jiWsTL6OEbaByyb8nwZNCphuqBld64j_6yChUjo0OtNAAs44vkqodbNTTwOfTe8gEQPWg0DcanymKkQOlWO_TRyoTGmFXmTzwDW_RkNGP6uRD2Nkouiv3jqcKF6sKqHM68Cpt54-CBDDW8jT3lOV-p5dO1-QWqR0p46c_6dAyWnAcbvn8YYUJyvIDObHDqBRHJCAKUMPFzZeS2oWIN4/https%3A%2F%2Fbeautymedicalthailand.com%2FPDF link annotation
Extracted artifacts 7
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_002_off00009d94.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x9D94 | 315074 bytes |
SHA-256: 247ce851d008abb71a4d42b4099f25ac8eb1c9d97e79bf6fdcf8425045de2281 |
|||
icc_00_off00000181.icc |
pdf-icc-profile | PDF ICC profile at offset 0x181 | 536 bytes |
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d |
|||
font_00_sfnt_off00022c45.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x22C45 | 13812 bytes |
SHA-256: dca97cdd982f7b11e49fcdebcfb90e5c919d8f9d12a8fcc4ee1390ba98a67516 |
|||
font_01_sfnt_off0002413e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2413E | 27928 bytes |
SHA-256: 3b7746a94e1e2f6afae4f4c1ae416a76d880baf1d331d470fe80d5fa9830afb1 |
|||
font_02_sfnt_off0002830d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2830D | 17172 bytes |
SHA-256: 8cf084ed2dc631d844810724af48048f5a59d26db6d09d5225546a3112ec4725 |
|||
font_03_sfnt_off0002a99b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2A99B | 20516 bytes |
SHA-256: 1eff4abfe1f5b340b8105898199efc19f68ac54acc5554db359ba5aab61e4e53 |
|||
font_04_sfnt_off0002da45.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2DA45 | 19992 bytes |
SHA-256: 2a575f04b8f6b2e7eeee77794dde01f1bd6bd08a5a8e3aca8a59cff89ee48bdb |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.