MALICIOUS
64
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF paints image(s) but contains no text operators info PDF_IMAGE_ONLY_LUREPDF has 1 image XObject(s) and the content stream contains no text-emitting operators (BT/ET, Tj, TJ, ', ") in either raw bytes or decompressed streams — this is the screenshot-as-PDF pattern used to bypass text-based scanners and to deliver instructions purely through rendered pixels. It is informational unless paired with invisible links or risky URI context.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.w3.org/1999/02/22-rdf-syntax-ns# In PDF document text
- http://ns.adobe.com/iX/1.0/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000090ee.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x90EE | 760 bytes |
SHA-256: 2037484f8311dc61f57b9af962fb168cface106c55faa6d8b9ea52b1d8394172 |
|||
font_01_sfnt_off000093f7.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x93F7 | 1024 bytes |
SHA-256: ef22adebf6888245cbab137665707f4f4fada05c5842382bf03d04bcd0bbeb03 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.