CLEAN
22
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0416
Heuristics 2
-
Clickable URI points to raw IP address medium PDF_URI_IP_LITERALPDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://79.172.211.32/mail/kJQnlf_xPbPYarQcadrimnQoltd16357917Gl.pdf PDF link annotation
- http://79.172.211.32/mail/YebsGYnhcriwaGYrrJoa16357593iPPc.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/iovnYoJrzdlkJGGYaw16359051e_s.pdfIn PDF document text
- http://www.masterdea.it/mobile/Piinforevd_nPGimQskmwsYeri15311292l.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/bJ_Pvdnbiee_fwPJGmwhs16203832mv.pdfIn PDF document text
- http://blog.creative-dots.com/mobile/khkvPsluntvxlztxvs16225582se.pdfIn PDF document text
- http://www.masterdea.it/mobile/utdtclekoPGYlvQethdumQ_msabYth15206010xxk.pdfIn PDF document text
- http://www.iowataxidermyassociation.com/osi/index.php/sdttc_YznluexJrYJYwvYwsvtn5988866ixu.pdfIn PDF document text
- http://79.172.211.32/mail/rGdQGvcfosPoe16357664lrnG.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/tQnhb__fssm16349435uxm_.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/aonPmircos_Q_hbzJlshxun_xf16366814v.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/eGzlrzwlwxerforxzuPor16349573v.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/ezdcrvctctveQmihrt_YQ16355068nf.pdfIn PDF document text
- http://79.172.211.32/mail/sdamvbf_fa_rvGzosuilbk16357430kz.pdfIn PDF document text
- http://79.172.211.32/mail/zikeJJxrhrbxinuwQottdkPvhcG16357445fom.pdfIn PDF document text
- http://79.172.211.32/mail/elGcltnlhc_JulGhQcbYiobztrrr16357565kh.pdfIn PDF document text
- http://79.172.211.32/mail/mvhdzovomsYQJdb16357598i.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/msofwwvhzcxQsmuasGwJ_oxrdJ16349787am.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/kstxYkewwwzbkvbYoxar16349413xdlP.pdfIn PDF document text
- http://79.172.211.32/mail/wmhcmGaxr16357610kY.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/nwoQmzYzxvnsnn16349194iGwz.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/rPr16349994QYcQ.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/P_trhlGzihkrxudkaw16355115dm.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/Ycdinmbzbvxoc16366928r_mi.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/inP_t16366921hJv.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/kdshPsidYubhtdrlueckroYef16366994P.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/odcrwQdPiwaJwkPxGY16359111b.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/rrPmsGeshtfnuJfYPGocr16359052zedb.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/xJQ16358811e.pdfIn PDF document text
- http://www.laureati.cz/perhapsorganize/xxnh16358389tQh.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/YxQcxtznkdxsQhrfJhif16354275aGQ.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/bdGdwihJPPYxnufJ16363963xGnu.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/fuGlnckeifdnuk_tiuJxceolh16354469nt.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/hrhPcwefs_mb16354759Pe.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/krJYsYtsrmJnrvzbcs16354949P.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/kzs_f_dhaefzQ16354796ta.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/lwzorznzfmeQ16354201Yoaa.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/sldPsntJdftu16354561csYe.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/sokbfsrJxklfJxQduzcfoQdYheGhlu16354613hk.pdfIn PDF document text
- http://www.alistatrans.ru/bbs/vzQnbbxtixdmaQPxhsbhodwP16354866Qz.pdfIn PDF document text
- http://79.172.211.32/mail/Gflnfefldrt_vh_flrw_Qrfin16358168kJzc.pdfIn PDF document text
- http://thestoveinstallationcompany.co.uk/historydepartment/Gmb_JbQwbklukhhxdJteaGfkJ16349704JwaP.pdfIn PDF document text
- http://79.172.211.32/mail/Guivmc_it16357492k.pdfIn PDF document text
- http://dubaipropertyrentals.net/idealow/causemusic.php/site_map.xmlIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off00006eec.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x6EEC | 19856 bytes |
SHA-256: a930245e90be17a336a7679d31e9d416ddec66c65020bec75b59b2e2bfc19120 |
|||
font_01_sfnt_off0000a47e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA47E | 19964 bytes |
SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
|||
font_02_sfnt_off0000da37.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDA37 | 20828 bytes |
SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.