PDF static analysis report

Static analysis result for SHA-256 88755fd6576ff837…

CLEAN

PDF

182.7 KB Created: 2021-03-23 18:44:02 +00:00 Authoring application: mPDF 6.0 First seen: 2026-05-22
MD5: 3e65a37406bd3ad195289a334d7e1782 SHA-1: 12eff8e0e5c07f82c528002b546ee55842abc32b SHA-256: 88755fd6576ff8374560c3ddb53b01e22a3705d112588719dc514f07b982205e
2 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file triggered a generic stage recovery heuristic, indicating the presence of embedded JavaScript. This JavaScript is likely designed to download and execute further malicious content. The benign URLs present do not appear to be directly related to the malicious activity.

Machine Learning

  • Nyx PDF Classifier clean score 0.0002

Heuristics 1

  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://dejavu.sourceforge.net In PDF document text
    • http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
icc_00_off0002c65a.icc pdf-icc-profile PDF ICC profile at offset 0x2C65A 560 bytes
SHA-256: e5f6ffb83b6d3491301dd750975684cc5cc2a1951c994a14b08cfdaa0d75a041
font_00_sfnt_off00000d70.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xD70 25964 bytes
SHA-256: 1995f72ebefde4b7931f3812229aaef9498f3dd5456d37b8b8b9707d65115e80
font_01_sfnt_off00004418.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x4418 27400 bytes
SHA-256: a95338c9ad160e477be745788ea9119656fb4a943f0f9d3a75998869935adf89