PDF static analysis report

Static analysis result for SHA-256 7378cbc76d4d41df…

CLEAN

PDF

87.6 KB Created: 2017-08-06 13:18:40 +08:00 Authoring application: Microsoft® Word 2016 First seen: 2017-08-27
MD5: 37ee1529fcc5271f7e98b7f8c5f49b1f SHA-1: b92ff3a841eb1665c0e762e47736778f95ea3230 SHA-256: 7378cbc76d4d41dff93c7f87bb0ebb534ecd4d3614f3af2f7693f47b0a48b2a0
22 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0540

Heuristics 2

  • Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URI
    PDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://bit.ly/2v6lGkR In PDF document text
    • http://www.microsoft.com/typography/ctfontshttp://fontfabrik.comYouIn PDF document text
    • http://www.microsoft.com/typography/fonts/default.aspxIn PDF document text
    • http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0XIn PDF document text
    • http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0In PDF document text
    • http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0ZIn PDF document text
    • http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0In PDF document text
    • http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0TIn PDF document text
    • http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0In PDF document text
    • http://www.microsoft.com/typographyIn PDF document text

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off000024ee.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x24EE 173472 bytes
SHA-256: ad57695567d52b9e680e89babc17966358eca0de6e7781016c1fac9dba5bbe4e