PDF static analysis report

Static analysis result for SHA-256 815151412f310c14…

CLEAN

PDF

  • Size: 68.7 KB
  • Created: 2018-07-11 08:43:40 -07:00
  • Authoring application: Microsoft® Word 2016
  • First seen: 2019-08-04
  • MD5: 6b0b6a533b45604137af4ffd7b8580b3
  • SHA-1: d5f3873e33261aaa4e4ab6383b53617bce14752e
  • SHA-256: 815151412f310c14cca7fc5b97513f20988b480234d7ee1e1bcc9dcb6d79f3a2
  • Risk Score: 2

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains several embedded URLs, all of which have been confirmed as benign. However, the presence of embedded URLs in a suspicious document suggests a potential phishing or social engineering attempt. No scripts were extracted from this sample, and the document body is heavily truncated, limiting further analysis. The primary heuristic firing indicates the presence of an embedded URL, which is a common technique for delivering malicious content.

Machine Learning

  • Nyx PDF Classifier clean score 0.0004

Heuristics 1

  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00006495.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x6495
    Size: 51740 bytes
    SHA-256: 4a2db6ef785ee4282b21c29540323352056e2c9c479558120d284d53b2a026ba
  • font_01_sfnt_off0000a66f.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xA66F
    Size: 60812 bytes
    SHA-256: 86b2f8baaf53ee972851c18bee744e892003302c71090197d104bc8e4526edd1