PDF static analysis report

Static analysis result for SHA-256 4faa54d39527eb90…

CLEAN

PDF

329.1 KB
First seen: 2023-10-17
MD5: 162783b5ace43b8ca37afffced09261f
SHA-1: dc5c3a37b62b21054e39d0539a5f22294053ea4c
SHA-256: 4faa54d39527eb909d9fe4cc59f96d805d34050b3abe18f14d0547e5003fedf2

Risk Score: 4

Machine Learning

  • Nyx PDF Classifier clean score 0.0002

Heuristics 2

  • Encrypted PDF (string and stream contents are opaque to static scan) info PDF_ENCRYPTED
    PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL
    • http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X (in PDF document text)
    • http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 (in PDF document text)
    • http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z (in PDF document text)
    • http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0 (in PDF document text)
    • http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T (in PDF document text)
    • http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 (in PDF document text)
    • http://www.microsoft.com/Typography/0 (in PDF document text)

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_014_off00013a8e.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x13A8E | 142268 bytes
  SHA-256: 095b2e8371ffd53942d06fbc23ac6a020d913a445bb9b7b8e481695365bdb09d
stream_015_off0001cd00.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1CD00 | 144040 bytes
  SHA-256: acf5ed243f230832bdb5a3e3db01c780c28e7a92749cb8aaffdacdc7c1bac1d9
stream_016_off00026533.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x26533 | 195456 bytes
  SHA-256: bd6cf80294a9218cbecc8b30e994278343f7777de2bc93f59290970169c469fb
stream_017_off00033fbf.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x33FBF | 201340 bytes
  SHA-256: 53ef5da9f45b798bbfe1ccc98ba37bd93b736c73a61e26446de40b93b010b17e