CLEAN
24
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0405
Heuristics 3
-
Clickable URI points to raw IP address medium PDF_URI_IP_LITERALPDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.alistatrans.ru/bbs/PwxPmruznrxcY_kzcb16354577Ptwi.pdf PDF link annotation
- http://www.alistatrans.ru/bbs/tlGQ_m_foizzYkxk16354821dhn.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/kdshPsidYubhtdrlueckroYef16366994P.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/_kef_c_daoxrx16349912kal.pdfIn PDF document text
- http://79.172.211.32/mail/_fYbsvxku16366242P.pdfPDF link annotation
- http://79.172.211.32/mail/knhde16357446JnJ.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/catJso16359095l.pdfIn PDF document text
- http://79.172.211.32/mail/lGabdufsYinnYrxadwxzm_x16357276ccQ.pdfIn PDF document text
- http://79.172.211.32/mail/xdcbxnfrJGYm16366258k.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/xmfouQbnnzfkPcvme16354945hno.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/JPwukvkdxb_bcwdsmYvxkG16366823hJ.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/zruciPdkisrGtocitQckocdGfiPaQ16350051bcY.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/Qdtnzcltbmhuacz_wurJeudheumkum16359078P.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/nhbvYQninJnhbiQGfmmGsQfJ16367056uQmx.pdfIn PDF document text
- http://79.172.211.32/mail/sxrfwtuvixmm_kPmad16357409Y.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/ndmkccunvJf_dmsmo16350055mxmd.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/mzclelb16358375dJhh.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/rsQ16358532zh.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/zmkkbbhG_PtYmswxPsch16359005znsm.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/mGndkbsJzfQbdunYe16350155PmQ.pdfIn PDF document text
- http://79.172.211.32/mail/wnxssdoz16357837u.pdfIn PDF document text
- http://79.172.211.32/mail/PxuurebuhzcszoiJxaGcaexnhoG_16366345s.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/zrwumehYcazsvh16349198nQ.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/shzhukbJQddnb16349607ibru.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/rrsx16349389sfY.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/lxGtsYPxPal16366972du.pdfIn PDF document text
- http://79.172.211.32/mail/PurlGvibYJh16358030ah.pdfIn PDF document text
- http://79.172.211.32/mail/enskiPa16357620d_fz.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/JblealbmcJJxdeYxabf_esdck16349494h.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/ummQmuwbfYtvs16364987x.pdfIn PDF document text
- http://79.172.211.32/mail/dzlYnsYlashszrdnmdQivGQJawoum16357919hv.pdfIn PDF document text
- http://79.172.211.32/mail/nizdxbYrJamvce16357790Gi.pdfIn PDF document text
- http://79.172.211.32/mail/uatdisrwQexcol16366278r.pdfIn PDF document text
- http://www.masterdea.it/mobile/veoxotsth15543628axk.pdfIn PDF document text
- http://www.masterdea.it/mobile/ih_Jkok_flzcceckwwtlrQQiuGmJni15311306Qm.pdfIn PDF document text
- http://blog.creative-dots.com/mobile/bkzcJloYncbbuztowof16225546tQ.pdfIn PDF document text
- http://www.masterdea.it/mobile/htPhQiYfkfvG15331521Ph.pdfIn PDF document text
- http://store.creative-dots.com/data/os_zaexiYd16232387xkvt.pdfIn PDF document text
- http://79.172.211.32/mail/ilcxnmGi16357816fv.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/nzbxlQ_lkQzPQndGzowQ16349705_cm.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/bhlP_sG16350183Jbb.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/rGe16350165x_Yz.pdfIn PDF document text
- http://79.172.211.32/mail/txJzhlvGa16357907m.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/_aGcxGPJJbdiv_Jb16354458o.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/tdGlsuiibkQxid_l16366901szcQ.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/ceQcnesisuQhvfcwkf16350091s_ns.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/zlGP_16359178vYix.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/ueshkfcsYhalYvJnkailu16349843wGsi.pdfIn PDF document text
- http://79.172.211.32/mail/uriYYQrbor16357410vwb.pdfIn PDF document text
- http://79.172.211.32/mail/xicr16357605zivP.pdfIn PDF document text
+26 more URL(s)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_004_off0000a115.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xA115 | 19964 bytes |
SHA-256: 618b8df44c027594b3bdd437456ce4ae24e59e497af293138299ddb07ed3f52c |
|||
font_01_sfnt_off0000d70b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD70B | 19964 bytes |
SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
|||
font_02_sfnt_off00010cce.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10CCE | 20828 bytes |
SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.