MALICIOUS
Risk Score: 64
Machine Learning
- Nyx PDF Classifier clean score 0.0239
Heuristics 4
- Payment redirection / bank-detail change lure (high, SE_PAYMENT_REDIRECT_LURE): Document describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions — a high-value business-email-compromise pattern.
- Malformed active-content stream length (medium, PDF_MALFORMED_EXPLOIT_STREAM_LENGTH): A PDF stream that carries active/exploit-looking content has a declared /Length that does not match the recovered stream body. Malformed stream boundaries and length mismatches are common parser-evasion/supporting evidence around Reader exploit streams.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://getpdf.pw/book?res=123&isbn=9781526707543&kwd=The%2019th%20Century%20Criminal%20Underworld (PDF link annotation)
  - https://static.s123-cdn-static.com/uploads/4660533/normal_61afae0ba3aa6.pdf (in PDF document text)
  - https://static.s123-cdn.com/uploads/4659890/normal_61af84dcd6eba.pdf (in PDF document text)
  - http://en.wikipedia.org/wiki/MIT_License (in PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_007_off00011f34.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x11F34 | 22352 bytes | c6910d93053802784ee178c67d79d998d49845ce1463874c6fa3b24af94747de |
| font_01_sfnt_off00015354.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15354 | 19904 bytes | 1c088e7163f9de82535095ce5cbceb5c4eb3c3dca475d4f206adedc1ccb78a06 |