CLEAN
14
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0004
Heuristics 4
-
AcroForm button with action trigger low PDF_ACROFORM_BUTTONPDF contains a /Btn form field together with a SubmitForm/URI/Launch/JS trigger — this is the building block of fake 'Download' or 'Open' button overlays used in PDF phishing lures
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.allenovery.com/AOWEB/PeopleOffices/OfficeMap.aspx?contentTypeID=6&itemID=31239&prefLangID=410 PDF link annotation
- http://www.allenovery.com/AOWEB/PeopleOffices/OfficeMap.aspx?contentTypeID=6&itemID=31239&prefLangID=410)/S/URI/Type/ActionIn PDF document text
- http://www.linotype.comhttp://www.linotype.com/fontdesignersNOTIFICATIONIn PDF document text
- http://www.linotype.com/licenseTradeIn PDF document text
- http://www.linotype.com/licensePraxisIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://ns.adobe.com/exif/1.0/In PDF document text
- http://ns.adobe.com/photoshop/1.0/In PDF document text
- http://ns.adobe.com/tiff/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/xap/1.0/g/img/In PDF document text
- http://ns.adobe.com/xap/1.0/sType/ResourceRef#In PDF document text
- http://ns.adobe.com/xap/1.0/sType/ManifestItem#In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://www.iec.chIn PDF document text
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_004_off0000417f.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x417F | 557164 bytes |
SHA-256: 00b975a74fcb50a1d80d6187d2af692e9355ac45eb8a8948c0b6e17ff8db9407 |
|||
stream_022_off00086f7b.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x86F7B | 48351 bytes |
SHA-256: 1e4ece98b007295fa0352bdc195f18a33d4d69cbe78d5b553a4afa2b4bfe9b30 |
|||
icc_01_off000673e3.icc |
pdf-icc-profile | PDF ICC profile at offset 0x673E3 | 3144 bytes |
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e |
|||
icc_02_off0007d05a.icc |
pdf-icc-profile | PDF ICC profile at offset 0x7D05A | 560 bytes |
SHA-256: e5f6ffb83b6d3491301dd750975684cc5cc2a1951c994a14b08cfdaa0d75a041 |
|||
font_00_sfnt_off00001024.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1024 | 26304 bytes |
SHA-256: ed1b97b0ba72197003900a58ca22b1422aeab0cd4bd12bbb57121958f4462cf3 |
|||
font_02_sfnt_off0008c983.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8C983 | 26021 bytes |
SHA-256: 8054b220b8d64eb00c60a0496dac065c53bde4906eaac8ccc7efb514632e2ad3 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.