PDF static analysis report

Static analysis result for SHA-256 4c0cbf3d89ec7262…

SUSPICIOUS

PDF

Size: 3.01 MB
Authoring application: api.ilovepdf.com
First seen: 2021-10-04
MD5: fdde4b3c4a7dc2be27882d13f55a5d78
SHA-1: 67b9d6eaf859d53d20b043e081ca7508c0f4f914
SHA-256: 4c0cbf3d89ec72624f269ca306c4a426130814680f43ddfdbd9e8482651f5fc7
Risk Score: 44

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains an embedded link that points to a document on the sustainabledevelopment.un.org domain. While the domain itself is legitimate, the heuristic firing indicates this link was algorithmically generated, suggesting a potential attempt to disguise malicious intent. No scripts were extracted, and the document body was unreadable, limiting further analysis of the specific lure.

Machine Learning

  • Nyx PDF Classifier clean score 0.0012

Heuristics 3

  • PDF link to algorithmically-generated URL [high] PDF_RANDOM_URL_LINK
    PDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures — the visible document is only a prompt — not a PDF parser vulnerability.
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 8

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_022_off0018d726.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x18D726 427940 bytes
SHA-256: 8e17372df2a06eb03d5dcf82bbc291f22c72220e74adb34f65eb391ac6d719e2
stream_023_off001bd46b.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1BD46B 396904 bytes
SHA-256: c63254b8a5b64ab4e9f0a8d00b008e73ff57dcff7b6abb836ce41a83119ac8a1
stream_047_off002af03e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x2AF03E 827820 bytes
SHA-256: 3c29dddfd208e7f93bd4ee0f7447e6d36e6ddd3feb2c7000f97468dd0ad393f6
font_00_cff_off00001411.bin pdf-font-stream PDF embedded font (cff) at offset 0x1411 2905 bytes
SHA-256: 5b040d0db86b38096a2820b456f0893152380fdc73a6b50462aaadf8c3ecc626
font_01_sfnt_off000023c3.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x23C3 17198 bytes
SHA-256: 96c271f37b2649c13941c5f91c9ad0f00b9b92c7f0917e78db7a4c68a18e8130
font_02_sfnt_off00004db9.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x4DB9 14783 bytes
SHA-256: 2efdde34b38765c447bd901f0b47b47b8ca993f33bf4c1419c0770407d2df4ba
font_04_sfnt_off001e909d.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1E909D 306184 bytes
SHA-256: 40a39ec730641422d807b58ee73bbba1d5aa6b6fb996cfceb0af0c0815e115c0
font_05_sfnt_off00212d1b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x212D1B 285380 bytes
SHA-256: 23f7d407944800ed654b704a88922949c9bd307e1a218711e60e31b50733d0fe