SUSPICIOUS
Risk Score: 46
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains embedded URLs and references to technical content, including a specific paper and journal. One heuristic indicates the presence of LOLBin token sequences in the document text, suggesting an attempt to execute commands. While no scripts were explicitly extracted, the combination of embedded URLs and command-related heuristics points towards a potential phishing or malware delivery mechanism. The document body was heavily obfuscated and unreadable.
Machine Learning
- Nyx PDF Classifier clean score 0.0005
Heuristics 4
- LOLBin token sequence in document text (high, SE_LOLBIN_RUN_COMMAND): Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or, in macro-laden Office files, the macro's own string-pool entries appearing adjacent in extracted text.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 21
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 | Detection |
|---|---|---|---|---|---|
| stream_021_off000204f9.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x204F9 | 15752 bytes | 64202cf04b6ca119a9f7480467c4fc68115929ee0e1b56844de4c54627a83b08 | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.91, consistent with packed or encrypted content. |
| stream_024_off00024e2a.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x24E2A | 19555 bytes | 417fc669ceda1bdfcce6e98d647432b28ca7ffb0ddaa395ae89f405bec0ff16a | ClamAV: No threats found. Obfuscation or payload: likely. 226 of 373 identifiers look randomly generated (e.g. 'DBAMDAwMDAwQDA4PEA8ODBMTFBQTExwbGxscHx8f'); 3 string-concatenation chain(s), consistent with name-mangling obfuscation. |
| stream_041_off0003e9f3.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3E9F3 | 176140 bytes | d178cb61a4f3563a9fd419a16d8e9c9d49e675c8a4cc00cccb071a91f1cc8605 | |
| stream_045_off00084aec.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x84AEC | 44644 bytes | b6a92ccbb20c1b0829d9626c90d95a99b1ecaa092b413506d6a564f7f6d7b43a | |
| font_00_type1_off0000f23f.bin | pdf-font-stream | PDF embedded font (type1) at offset 0xF23F | 19521 bytes | 7dd90e53239f84520c880ce818143c3017fc1f63ff9b1c0c507d256a48233b34 | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.95, consistent with packed or encrypted content. |
| font_01_type1_off00013f6b.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x13F6B | 22648 bytes | a0c0f97ce941f8d94a35a71903ada17af4449addf17ec705b6d3e162b208b6b8 | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.96, consistent with packed or encrypted content. |
| font_02_type1_off000199fe.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x199FE | 26676 bytes | e97aa1de573f002cadb544c683e08f51c77e1d87bce9582a23e5bb6875eb9fd4 | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.97, consistent with packed or encrypted content. |
| font_04_cff_off00024a07.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x24A07 | 986 bytes | a3b99d25fc3e647f2ed20b333e058620b6becddc1245c2ebdc6377e770fd7dea | |
| font_05_cff_off000318f1.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x318F1 | 1986 bytes | 678a4080f77bb3bea4d0a6d848cb9b46ed10143ee9a27149f87a8ad3df277bdb | |
| font_06_cff_off000320d4.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x320D4 | 664 bytes | ec876e3a450383cbb87c280a9b5bce6020072faab44354b38cf2c203180c0bef | |
| font_07_cff_off000325af.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x325AF | 2444 bytes | 34327ebb61bef9818d2f8b5350259ddcc8ff55122f1ca7840c4d073b2a99f8dd | |
| font_08_type1_off00032fe6.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x32FE6 | 7810 bytes | e4f14d22cb83550337a1887828c1aaeaa9ff57cf3e3e9566119abfe21dc2680f | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.84, consistent with packed or encrypted content. |
| font_09_type1_off00034f0e.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x34F0E | 12341 bytes | 68178f62c0dadc3f46a31262faacaea0c0e37bfffcc5ad8b7b86055e89051ef5 | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.90, consistent with packed or encrypted content. |
| font_10_type1_off0003807b.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x3807B | 8364 bytes | 9f30bf24982121aa32fe47bcf06d238afc508ac7011d6c0852f8b90503b0356d | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.83, consistent with packed or encrypted content. |
| font_11_type1_off0003a1a1.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x3A1A1 | 5120 bytes | 507a8ccb5bae6f5c0634766aea02b2ee17d57eff4bc5343c741d9c345e277c7e | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.71, consistent with packed or encrypted content. |
| font_12_type1_off0003b6c8.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x3B6C8 | 7698 bytes | 608b23f51c1224b5560ec9a5cf431a0c951ff519ba75b024a77398467b16c320 | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.83, consistent with packed or encrypted content. |
| font_14_sfnt_off0005a282.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A282 | 124172 bytes | f69250fcf00ec35b2ae64193834f8f30b000a9d6b49f5c7e2008105cbad31503 | |
| font_15_sfnt_off0006e039.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E039 | 125816 bytes | 0d9a61d78e5fac410ca07304e888204f7fa5e7185b54c5e9818625d10411c3e8 | |
| font_16_sfnt_off0007fce5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FCE5 | 80784 bytes | 828cd0032985b6cafdd34e9ec35b6b21c27721286ac945d48e8595f6e635b106 | |
| font_18_sfnt_off00095ed2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x95ED2 | 14552 bytes | 597cd7a41103c38a47222b2c3c8e623b78a5bec538768b0679003db0b8d1cfc3 | |
| font_19_type1_off000990c4.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x990C4 | 2478 bytes | b98f7fa124536d2f0584b82f65ad1a32fe3462e59bdd50389a3e341b7ad41b6e | |