CLEAN
24
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0548
Heuristics 3
-
Unusually high stream count medium PDF_MANY_STREAMSPDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.linotype.comhttp://www.linotype.com/fontdesignersNOTIFICATION In PDF document text
- http://www.linotype.com/licenseHelveticaNeueLTIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://ns.adobe.com/tiff/1.0/In PDF document text
- http://ns.adobe.com/exif/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/exif/1.0/aux/In PDF document text
- http://ns.adobe.com/camera-raw-settings/1.0/In PDF document text
- http://ns.adobe.com/photoshop/1.0/In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/sType/ResourceRef#In PDF document text
- http://ns.adobe.com/xap/1.0/sType/ResourceEvent#In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://ns.adobe.com/lightroom/1.0/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://www.npes.org/pdfx/ns/id/In PDF document text
- http://ns.adobe.com/pdfx/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/g/img/In PDF document text
- http://ns.adobe.com/illustrator/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/t/pg/In PDF document text
- http://ns.adobe.com/xap/1.0/sType/Dimensions#In PDF document text
- http://ns.adobe.com/xap/1.0/g/In PDF document text
- http://ns.adobe.com/xap/1.0/sType/ManifestItem#In PDF document text
- http://www.iec.chIn PDF document text
Extracted artifacts 27
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
icc_00_off00004c33.icc |
pdf-icc-profile | PDF ICC profile at offset 0x4C33 | 3144 bytes |
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e |
|||
font_00_cff_off000056c3.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x56C3 | 4474 bytes |
SHA-256: ad384208fe5dc3fd9970f7cf0157b088dfc5d6d998a1a9e891ee25b25d71dbb0 |
|||
font_01_cff_off00006711.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x6711 | 4524 bytes |
SHA-256: 010eaceeb87976535e475cb936db89a0ccf1f9e30a9d99691d7f550b226e3096 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.43, consistent with packed or encrypted content.
|
|||
font_02_cff_off000077fb.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x77FB | 2591 bytes |
SHA-256: 352764523665fa2f17b887e40f010b9c624469931ebf7a9d58ff3e8e94034a44 |
|||
font_03_cff_off00028993.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x28993 | 782 bytes |
SHA-256: 7d25616632dd8ae6a157c42ab90f9a6ba8491141a85737aca43b5b17bb97280b |
|||
font_04_sfnt_off0087dbe9.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x87DBE9 | 34576 bytes |
SHA-256: 55c204f423496a1560877b3f09382a2fd6d8a52c3d09d1463d26d95faab98ee3 |
|||
font_05_sfnt_off008818fd.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8818FD | 39257 bytes |
SHA-256: 0be2e5485860f49936a02cd82ab53fb9d96ca348b64d1cb335719b9e02907422 |
|||
font_06_sfnt_off00886288.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x886288 | 49457 bytes |
SHA-256: 1e12726955d1ec00d19044d07063b9fba874751fcbdecfeb7d4949ae55ff0f14 |
|||
font_07_sfnt_off0088bf01.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x88BF01 | 53272 bytes |
SHA-256: 68b71e6b16616f2356abc68115e040e5e5d5539558ab1407a956fff8f8fa27a5 |
|||
font_08_cff_off0095abda.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x95ABDA | 3046 bytes |
SHA-256: 2c74a6d586be351513ce6caddcc2369c2d0a609fe9f83cfbb0dc66219a6cd2ad |
|||
font_09_cff_off009cb993.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9CB993 | 8550 bytes |
SHA-256: cfb4972ad22c148bfe9d54c6d8fb9b01392cd4ccad5d17f61d096b4d495f09f1 |
|||
font_10_cff_off009cd801.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9CD801 | 4195 bytes |
SHA-256: 3da4ab8b69216c1679e9e2c9ac21cb26e712b9403f872cf8237af4c423bd4320 |
|||
font_11_cff_off009cf55a.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9CF55A | 2835 bytes |
SHA-256: 935ea02a60b1fc4cbe4ce2f1b02a9aa65656913f12950d8db8adaa141bd6ff41 |
|||
font_12_cff_off009d0523.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9D0523 | 4992 bytes |
SHA-256: a3cc6c2fde02df9b6539db9014a671f36a3480f2d209e2a2850566661eba1bf1 |
|||
font_13_cff_off009d18db.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9D18DB | 5424 bytes |
SHA-256: 5137d56672d6f76f5ab9bdd9a0383b1aac6a6295c01e06b0e2ac12f509a0589a |
|||
font_14_cff_off009d3d0e.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9D3D0E | 514 bytes |
SHA-256: 651b40b16214c8a6c775ef64470aab261f24a4de846e8c03e0ee690ff8d39319 |
|||
font_15_cff_off009d4068.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9D4068 | 12599 bytes |
SHA-256: ae544b55738f3fdbc9f6c16d3ced23920662f080c7ae2a37441a9e56709eca1a |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.44, consistent with packed or encrypted content.
|
|||
font_16_cff_off009d7299.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9D7299 | 10323 bytes |
SHA-256: bf197dbf34e0194dafabbe4e0509105229587b3c03ae0a7b071cd6d022bebc1d |
|||
font_17_cff_off009d9683.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9D9683 | 6778 bytes |
SHA-256: f4f59c9d841d177468d0ee7e2bdea799dde6f41065cdb8d191ba1812d0bafaa9 |
|||
font_18_cff_off009daee0.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9DAEE0 | 13636 bytes |
SHA-256: 44faf02b1b4d095071694d86da4962f66455f149a57eff42bb1d83d8be969d54 |
|||
font_19_cff_off009df165.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9DF165 | 2467 bytes |
SHA-256: 97adb2e113c07d216f5cefbaa9e7181dd92f28d05da4552ce538efdc7f0c2425 |
|||
font_20_cff_off009e0462.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9E0462 | 3164 bytes |
SHA-256: c74642ed645cf9a7b7d252881cf17d956f65cbf1c089ff253462689933dea1f6 |
|||
font_21_cff_off009e3566.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9E3566 | 5432 bytes |
SHA-256: 10766f889f61f841a4893f2b74a86ffcd7e0b76a0dcd2dfe39c8295569455a64 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.43, consistent with packed or encrypted content.
|
|||
font_22_cff_off009e4f9f.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9E4F9F | 3337 bytes |
SHA-256: 36700f42cb2f4fbb8144c6d8fddf1c47c808623df04bf26406d9028d6873d998 |
|||
font_23_cff_off009e6d30.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9E6D30 | 2498 bytes |
SHA-256: 3b12c208e1e99c91c9cb3c78adc6399b6cbe10304c7965e0bfc4c6d81e601ef2 |
|||
font_24_cff_off009e7e62.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9E7E62 | 4041 bytes |
SHA-256: 4b323fff456b649be22d8f674e7cde569278e0394920132f54a632f7971a6c15 |
|||
font_25_cff_off009f7f5d.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x9F7F5D | 518 bytes |
SHA-256: adede00bfc082b458aa079cb7f659d7f4f8653005feac7be5b57d944e04c6309 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.