PDF static analysis report

Static analysis result for SHA-256 627a0821f36d7457…

CLEAN

PDF

45.9 KB First seen: 2020-09-15
MD5: c66c308cb286cd1b3c464d4d645cbeb1 SHA-1: e10a92cd490ce19d99a6ff58cd430da4910fd622 SHA-256: 627a0821f36d7457dce7fd79ad76ccc3d6d58b90680123864a2daf901fc22769
6 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0011

Heuristics 3

  • External URI info PDF_URI
    PDF contains an external URL action
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.w3.org/1999/02/22-rdf-syntax-ns# In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • https://sway.office.com/lcnZYmCr6GA8U0Qz?ref=LinkPDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_009_off00003b77.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x3B77 5977 bytes
SHA-256: cda35cc626d7f1fdab9b05c29e87adb000fa00ad877b0c960d4004509f5d9d3f
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.43, consistent with packed or encrypted content.
font_00_cff_off00002c4d.bin pdf-font-stream PDF embedded font (cff) at offset 0x2C4D 3530 bytes
SHA-256: c0d25aedd9854504be1fe687cf97aaf0d79fa47dc946fc6234ddef9d3c721ad4