PDF static analysis report

Static analysis result for SHA-256 721d68c68b97965a…

CLEAN

PDF

621.9 KB
Created: 2010-04-19 10:56:36 +01:00
Authoring application: Adobe InDesign CS3 (5.0.2) (via Adobe PDF Library 8.0)
First seen: 2026-05-11
MD5: e7a68f9a5139e4035185a20e54e5e1b7
SHA-1: 0275dadc37effb1533635d2f08af27e3969e48be
SHA-256: 721d68c68b97965a1777978d5abf6ba4334588b992b95e0bdafec556e4a5d452
Risk Score: 14

Machine Learning

  • Nyx PDF Classifier clean score 0.0004

Heuristics 4

  • AcroForm button with action trigger (low, PDF_ACROFORM_BUTTON)
    PDF contains a /Btn form field together with a SubmitForm/URI/Launch/JS trigger — this is the building block of fake 'Download' or 'Open' button overlays used in PDF phishing lures
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.allenovery.com/AOWEB/PeopleOffices/OfficeMap.aspx?contentTypeID=6&itemID=31239&prefLangID=410 PDF link annotation

Extracted artifacts 6

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_004_off0000417f.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x417F 557164 bytes
SHA-256: 00b975a74fcb50a1d80d6187d2af692e9355ac45eb8a8948c0b6e17ff8db9407
stream_022_off00086f7b.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x86F7B 48351 bytes
SHA-256: 1e4ece98b007295fa0352bdc195f18a33d4d69cbe78d5b553a4afa2b4bfe9b30
icc_01_off000673e3.icc pdf-icc-profile PDF ICC profile at offset 0x673E3 3144 bytes
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
icc_02_off0007d05a.icc pdf-icc-profile PDF ICC profile at offset 0x7D05A 560 bytes
SHA-256: e5f6ffb83b6d3491301dd750975684cc5cc2a1951c994a14b08cfdaa0d75a041
font_00_sfnt_off00001024.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1024 26304 bytes
SHA-256: ed1b97b0ba72197003900a58ca22b1422aeab0cd4bd12bbb57121958f4462cf3
font_02_sfnt_off0008c983.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8C983 26021 bytes
SHA-256: 8054b220b8d64eb00c60a0496dac065c53bde4906eaac8ccc7efb514632e2ad3