PDF static analysis report

Static analysis result for SHA-256 6a514f29585d07d9…

CLEAN

PDF

550.7 KB First seen: 2022-07-15
MD5: fb72317117428f9a1ec1fb420c8a1840 SHA-1: f18fbfb7de951d196dcba32b14cd3838a19984a9 SHA-256: 6a514f29585d07d9b3af52faea2ab3ad5136f8bbf304228fc6b9ad864a8db005
Risk Score: 6

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The primary heuristic indicates this PDF is an advance-fee scam, using language related to lotteries, prizes, or parcels to trick the user. While no scripts were extracted, the presence of an external URI pointing to a legitimate-looking site suggests a potential attempt to gather information or redirect the user. The overall structure and content align with common phishing and social engineering tactics.

Machine Learning

  • Nyx PDF Classifier clean score 0.0023

Heuristics 3

  • External URI info PDF_URI
    PDF contains an external URL action
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 7

Files carved from inside the sample during analysis.

Filename  Kind  Source  Size
font_00_cff_off000035ac.bin pdf-font-stream PDF embedded font (cff) at offset 0x35AC 8627 bytes
SHA-256: 63dd0a28db969202e0147f0d267c0e028e280657ba0fe7f8df6480ed95a3eb58
font_01_cff_off00004f43.bin pdf-font-stream PDF embedded font (cff) at offset 0x4F43 5225 bytes
SHA-256: bb6c770008b2634afc6cb40fbfb680f98b010b62275df8b16681913d1d554e7c
font_02_cff_off00005fe9.bin pdf-font-stream PDF embedded font (cff) at offset 0x5FE9 4964 bytes
SHA-256: 69b29db008e2235f1e05c4aa1332ce9020d59d5d6e5fb5292bb85592088f4fcd
font_03_cff_off00013f6b.bin pdf-font-stream PDF embedded font (cff) at offset 0x13F6B 1988 bytes
SHA-256: cb63493004e1bba9b41b989ecf55713ecaa5e445e90eafac4d7f34631486f720
font_04_cff_off0007c8a6.bin pdf-font-stream PDF embedded font (cff) at offset 0x7C8A6 1771 bytes
SHA-256: fc3238b0ee0b25f1e2e7462567da0d4bb77c9a40e44da05ea6877f2d2ecb3e94
font_05_cff_off0007db7c.bin pdf-font-stream PDF embedded font (cff) at offset 0x7DB7C 6015 bytes
SHA-256: 83cf53f20c4d5d5ca6501b77dfbc24bacbb83039a63b92ecaa54e1e0cf64cb14
font_06_cff_off0007ef61.bin pdf-font-stream PDF embedded font (cff) at offset 0x7EF61 33068 bytes
SHA-256: 77dd7c1cfe92d205f94b3ce284ea700acc134476397ffad8a8922e4e776cb953
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.40, consistent with packed or encrypted content.