PDF static analysis report

Static analysis result for SHA-256 7e4d6c1cf5cb9aa7…

CLEAN

PDF

145.0 KB Authoring application: Skia/PDF m150 Google Docs Renderer First seen: 2026-05-20
MD5: a0dd7606bbe648f6a783e9e69960107d SHA-1: 2c39da9a7e92e507b4c4a81f701ab516b292a37b SHA-256: 7e4d6c1cf5cb9aa73a33e67041456c4eed94bd519f4386f8d6e9ca6325f6f0f0
12 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0002

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://hititx.com/1405 PDF link annotation
🗂 Part of campaign: shared payload b9e206cd2a 10 samples

Extracted artifacts 5

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_020_off0001a7eb.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1A7EB 51360 bytes
SHA-256: d93b8a764e457a1ed59261c873f1f5957897e451862fdce22fe4c6418f9fcaeb
icc_00_off00000294.icc pdf-icc-profile PDF ICC profile at offset 0x294 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_00_sfnt_off000155f4.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x155F4 26772 bytes
SHA-256: 68a8accd4f18e56f6a5eefa59e7ccff083047089aef7928d12cb331c30dd3371
font_01_sfnt_off00019d5b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x19D5B 46964 bytes
SHA-256: b9e206cd2a632c2585864de279185fd917718a851da2cdd67c18f3d47a950ccc
font_03_sfnt_off000225ee.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x225EE 182432 bytes
SHA-256: c58cd7a20c63d2d9e74997e879c1f1585b60f3201a96816df8bd73b5d1a03c84