CLEAN
Risk Score: 8
Machine Learning
- Nyx PDF Classifier: clean (score 0.0023)
Heuristics 4
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://phukienden.com/365New/loginonlinelive/index.php (PDF link annotation)
  - http://bfc.mn/assets/layouts/memory/365New/loginonlinelive/index.php (In PDF document text)
  - http://bfc.mn/assets/layouts/memory/365New/loginonlinelive/index.php)/Type (In PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
  - http://ns.adobe.com/xap/1.0/ (In PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (In PDF document text)
  - http://purl.org/dc/elements/1.1/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (In PDF document text)
  - http://www.aiim.org/pdfa/ns/extension/ (In PDF document text)
  - http://www.aiim.org/pdfa/ns/property# (In PDF document text)
  - http://www.aiim.org/pdfa/ns/schema# (In PDF document text)
  - http://www.aiim.org/pdfa/ns/id/ (In PDF document text)
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_021_off0001c150.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1C150 | 5738 bytes | 815ab32950df7a8485c9ea3ec75030acb5830ffe8d181b0e17c33f05021fea6a |
| font_00_sfnt_off0000c534.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC534 | 11676 bytes | 8619a74cfef92d6083d761c1297a312858e1b33f9a8d9a6d87dbac8740353722 |
| font_01_sfnt_off000141a3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x141A3 | 21907 bytes | a52a0451147c87e1b74fef17f7a7d56e5e335a920b03a8c62117fab3b1451a0c |
| font_03_cff_off0001f186.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x1F186 | 4870 bytes | f1765c47924650380aeff965c9db5e7d7d2a1aba2ece1858ae7dafe4b9fd69f6 |
| font_04_cff_off00023ee6.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x23EE6 | 3433 bytes | d5eec27a61523446262f80d1946dd2f7eefeba6757a4efaa4e2ea753821901cc |

Detection for stream_021_off0001c150.bin:
- ClamAV: No threats found
- Obfuscation or payload: likely. Carved artifact entropy is 7.45, consistent with packed or encrypted content.