PDF static analysis report

Static analysis result for SHA-256 7e80202c435d9d8c…

CLEAN

PDF

8.58 MB
Authoring application: Nitro PDF Professional 6
First seen: 2017-03-27
MD5: 64a87b01ffc8f47bdf5e87b2a0b00732
SHA-1: c4cc7199a10646249c40ed3a3a1db9c0ab0d9ad2
SHA-256: 7e80202c435d9d8cfc63c854e95b5871de9ccf6fffbccacc2076366882976f3b
Risk Score: 6

Machine Learning

  • Nyx PDF Classifier clean score 0.0015

Heuristics (3)

  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (8)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_014_off00070cbb.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x70CBB | 198572 bytes
    SHA-256: 14801aa778b3da642fa0ef0dca2fb9f6b52c78cfc3ac63fac50c873d89252c2c
stream_068_off0087c8c3.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x87C8C3 | 197164 bytes
    SHA-256: 10d2a68df18ed7ba14b68bfc0699db3e6d6de8b51d8571d15795df64709dca5f
font_00_sfnt_off00001653.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1653 | 54792 bytes
    SHA-256: 67fc207b1f350a5bbb87c316a7b1c083fb56e8d21272a3a581e827538492fb7a
font_02_sfnt_off00013841.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13841 | 169476 bytes
    SHA-256: a6eacb5f4c318f191f5c7ef56b8a9d24965db43dd12e86dc8eafc984e1163d47
font_03_sfnt_off000268fd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x268FD | 54520 bytes
    SHA-256: 4e49a2d55be905e94718d8698d2acdf497009d2fbf6c7c1516c4c3fe5a3f73d9
font_05_sfnt_off0005b841.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5B841 | 183164 bytes
    SHA-256: fe4e1381826eb65041f92ce379e5272824c0cb80475e8936cbb36cac048b6601
font_07_sfnt_off00087fd4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x87FD4 | 95732 bytes
    SHA-256: 6caf2609d8a57dd765ef3bec44ba0f10dfdb1ae065bf0bbcbbcb1152af1b75ef
font_18_sfnt_off008673df.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8673DF | 183320 bytes
    SHA-256: 90a5614769b83f794e8152d540a4397dba13d2777ea31a5980e9c677eef57efc