PDF static analysis report

Static analysis result for SHA-256 759365fd7f37a344…

CLEAN

PDF

10.73 MB
First seen: 2019-12-10
MD5: 50b839cf640ab68fd8885a1669e389c9
SHA-1: db1f4bce45e41b6eb83e1dd88f34c0d7cf7fe3c3
SHA-256: 759365fd7f37a344c682452a9e64d20db5792488c8b34069e09164ca50b4790c
Risk Score: 22

Machine Learning

  • Nyx PDF Classifier clean score 0.0133

Heuristics 2

  • Unusually high stream count (severity: medium, rule: PDF_MANY_STREAMS)
    PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 15

Files carved from inside the sample during analysis.
