PDF static analysis report

Static analysis result for SHA-256 5294daaa1c929cce…

CLEAN

PDF

309.2 KB Created: 2010-02-15 22:22:23 UTC Authoring application: TeX (via pdfTeX-1.40.3) First seen: 2026-05-09
MD5: c707ecf9671bb87968033653aa8c282c SHA-1: c54de3a381210d1fa28789d870c8e27729b4e735 SHA-256: 5294daaa1c929cce0c7dfe53c7d5f1022d813139e7c9d99f158ecebb61065d90
4 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 2

  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gust.org.pl In PDF document text
    • http://www.gust.org.pl/fonts/licenses/GUST-FONT-LICENSE.txtIn PDF document text
    • http://tug.org/fonts/licenses/GUST-FONT-LICENSE.txtIn PDF document text

Extracted artifacts 18

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_020_off0001f570.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1F570 14922 bytes
SHA-256: c87c34d382b3fe1742c0095fd7a2983053a63693a80e149a0292341a2965fcf4
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.94, consistent with packed or encrypted content.
stream_025_off00034ecc.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x34ECC 2594 bytes
SHA-256: e7d14d31cfa8d9544f17b825c1e861114b64eb05e703a347d239a4ee208e5022
stream_026_off000357ba.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x357BA 2589 bytes
SHA-256: 7e5b9b11d211385c1b51561486f606ce00e2cc1b15d27c0359128d6135c95ebb
stream_027_off000360ad.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x360AD 2563 bytes
SHA-256: 6bb33f469c0913b48c3072f9848ad4e4b957dadd7c8fd87bb7d3083a3961fe19
stream_028_off00036983.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x36983 2872 bytes
SHA-256: ea4c300e36b66fc6780e7591c3538c4b6376a1e59fbe055f9180432b60a28894
stream_029_off00037398.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x37398 23011 bytes
SHA-256: 8eed82b9ec3091a60d9cd268d35f64c1594e894e752ef8cfd0850659b3a3fc8e
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.
font_00_type1_off0000a9bf.bin pdf-font-stream PDF embedded font (type1) at offset 0xA9BF 4112 bytes
SHA-256: 0bd5c0920f8776dba54fe78f225d674631e591ab158ad076e91742f869f9eafe
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.44, consistent with packed or encrypted content.
font_01_type1_off0000b8c1.bin pdf-font-stream PDF embedded font (type1) at offset 0xB8C1 2453 bytes
SHA-256: 80bea6a1c335c0c8b71c6c60f2104e1e6058992a4fea8cd19efdcd1dae0ad1ee
font_02_type1_off0000c129.bin pdf-font-stream PDF embedded font (type1) at offset 0xC129 32535 bytes
SHA-256: 9767c18230d0b05238a8333c9548729b9e9e9108806a86d385ca277211bc0bdf
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.96, consistent with packed or encrypted content.
font_03_type1_off00013e12.bin pdf-font-stream PDF embedded font (type1) at offset 0x13E12 23591 bytes
SHA-256: 4d04000c3db8d6ba43e4a96c23246efeaa9dda353d233c2d2d754a7d8800c90f
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.96, consistent with packed or encrypted content.
font_04_type1_off000198fd.bin pdf-font-stream PDF embedded font (type1) at offset 0x198FD 23993 bytes
SHA-256: b9273d4ebd79ccd504d6eeb960355f3ac4c014337a366c5580288ac8fa994e06
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.96, consistent with packed or encrypted content.
font_06_type1_off00022f0c.bin pdf-font-stream PDF embedded font (type1) at offset 0x22F0C 21925 bytes
SHA-256: a85186c0924a2e735f653fc3b86df59aa0656ef9802fc23785bc584615630fc1
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.96, consistent with packed or encrypted content.
font_07_type1_off000283cf.bin pdf-font-stream PDF embedded font (type1) at offset 0x283CF 24001 bytes
SHA-256: 37d42f82470bcb79e44466f00dbdd765f7c2fa62502d41caf9645bf9cf289b3a
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.96, consistent with packed or encrypted content.
font_08_type1_off0002e060.bin pdf-font-stream PDF embedded font (type1) at offset 0x2E060 13145 bytes
SHA-256: 3074def11a93f26babd3dd559e0c29d906c8068c012df2259dcc76b6f57546f6
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.92, consistent with packed or encrypted content.
font_09_type1_off000312d8.bin pdf-font-stream PDF embedded font (type1) at offset 0x312D8 15637 bytes
SHA-256: 88b39051b19f064a6a847817c165281d974156e940c33e9c6fe09a16360ccd05
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.93, consistent with packed or encrypted content.
font_15_type1_off0003cc1e.bin pdf-font-stream PDF embedded font (type1) at offset 0x3CC1E 15285 bytes
SHA-256: 0044b0099656e7d4bd979ec19b81f0578470634fd215e4a2f01c5165cec9826b
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.93, consistent with packed or encrypted content.
font_16_type1_off000406de.bin pdf-font-stream PDF embedded font (type1) at offset 0x406DE 19437 bytes
SHA-256: 79d44cb21f9b3bf79b2db2dd8b4b17f5a660ed620609ffb5d601cdc9d0df355b
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.
font_17_type1_off000451bc.bin pdf-font-stream PDF embedded font (type1) at offset 0x451BC 27071 bytes
SHA-256: a1677fbdf42d41d16ad7bfeb9072141bd2d5280d072080ef7e8a3e95c8415e98
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.