PDF / .VIR static analysis report

Static analysis result for SHA-256 90c6c8683faa9a52…

CLEAN

PDF / .VIR

5.10 MB Created: 2020-08-27 18:25:22 +03:00 Authoring application: Adobe InDesign 15.0 (Windows) (via Adobe PDF Library 15.0) First seen: 2026-05-17
MD5: be0e6819cd0c4f6a816d26ee031355b5 SHA-1: 7ff97a8774adfa2721cad6d357d8f85aa6d5120b SHA-256: 90c6c8683faa9a52111de191ef79a8b39561cc7de4602275fff55fa455542aa5
4 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0148

Heuristics 2

  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.color.org In PDF document text
    • http://www.science-education.ru/ru/article/view?id=25841In PDF document text
    • https://kopilkaurokov.ru/nachalniyeKlassi/pre-In PDF document text
    • https://theslide.ru/detskie-prezen-In PDF document text
    • http://3dobrazovanie.ruIn PDF document text
    • https://make���3d.ru/articles/chto-takoe���3d-ruchka/In PDF document text
    • https://www.prodlenka.org/metodicheskie-razrabotki/dopolnitelnoe-obrazovanie/risovanie-grafika-v-do/331751-obrazovatelna-In PDF document text
    • https://rosuchebnik.ru/material/3-d-ruchka-v-detskom-sadu���27143/???history=20&pfid=1&sample=9&ref=0In PDF document text
    • http://www.color.org)/S/GTS_PDFX/Type/OutputIntentIn PDF document text
    • http://www.law.edu.ru/article/article.asp?arti-In PDF document text
    • https://www.dissercat.com/content/nravstvennye-osnovaniya-sovre-In PDF document text
    • https://www.dissercat.com/content/sootnoshenie-pra-In PDF document text
    • https://iz.ru/news/607066In PDF document text
    • https://www.vedomosti.ru/technology/news/2014/02/25/direktor-fskn-rossijskaya-nar-In PDF document text
    • http://constitution.kremlin.ru/In PDF document text
    • https://base.garant.ru/1305454//In PDF document text
    • http://docs.cntd.ru/document/1200109440In PDF document text
    • https://nsportal.ru/nachalnaya-shkola/dlya-kom-In PDF document text
    • https://infourok.ru/In PDF document text
    • https://urok.1sept.ru/%D1%81%D1%82%D0%B0%D1%82In PDF document text
    • https://bio.1sept.ru/view_article.phpIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef#In PDF document text
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://www.npes.org/pdfx/ns/id/In PDF document text
    • http://ns.adobe.com/pdfx/1.3/In PDF document text
    • http://www.extensis.com/meta/FontSense/In PDF document text

Extracted artifacts 32

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_004_off0000ccd2.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0xCCD2 19265 bytes
SHA-256: 8b832fcc81a79198c8eb1665b937d346f3f1ae3a21babb7da0486bafff18e16b
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.41, consistent with packed or encrypted content.
stream_008_off000159c1.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x159C1 16131 bytes
SHA-256: 9810ffcf1261c1a0bd469de4b6f5361fcfb5ec7c1c1b243dc2a5e2f5c1106a2c
stream_055_off00054413.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x54413 10910 bytes
SHA-256: 5a0ab69529feda06565f27161c96fc32518b5c68acd5a498d582bbcef3aff27a
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.50, consistent with packed or encrypted content.
font_00_sfnt_off0000777b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x777B 52165 bytes
SHA-256: 9538c897791df79607fb113635adf904b3b4e4708131fa01f3d77100f1f22d22
font_02_cff_off00011b87.bin pdf-font-stream PDF embedded font (cff) at offset 0x11B87 18238 bytes
SHA-256: f0881702ac62ca64b5cf477b27dd716fea924305d3a116d48d3fd31a42238d3f
font_04_cff_off00019c59.bin pdf-font-stream PDF embedded font (cff) at offset 0x19C59 1988 bytes
SHA-256: 3e61c1efa62e57c09a373f5a855b0930c433cb85980238ef48c5f9cc687f6b71
font_05_cff_off0001a8da.bin pdf-font-stream PDF embedded font (cff) at offset 0x1A8DA 334 bytes
SHA-256: ef9f18d02b102bb75aaadd606521ad63697b0ceb871109ccea354e44eca8a696
font_06_cff_off0001adae.bin pdf-font-stream PDF embedded font (cff) at offset 0x1ADAE 3484 bytes
SHA-256: ab3a7d4f284a30261c550c056040761cb4fa9822b664b29e44ec30fe4ecc70e1
font_07_cff_off0001c3a5.bin pdf-font-stream PDF embedded font (cff) at offset 0x1C3A5 3833 bytes
SHA-256: 18db74f2087871cb11ad5617ccceb12e8af646035cd825ab3562c4112f6c163d
font_08_cff_off0001dbd7.bin pdf-font-stream PDF embedded font (cff) at offset 0x1DBD7 14910 bytes
SHA-256: 8334e96fb11d5f3f25874565a400dd10130f9ebf1de1c2b24620db8e59da84b7
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.42, consistent with packed or encrypted content.
font_09_cff_off00023008.bin pdf-font-stream PDF embedded font (cff) at offset 0x23008 2869 bytes
SHA-256: af8b488b1bd3b7501fc0c096bbc01053d3818d85dba0092653aff88244f44cc3
font_10_cff_off00023edc.bin pdf-font-stream PDF embedded font (cff) at offset 0x23EDC 334 bytes
SHA-256: 0ebfc55759b11a2d7c37ec631f1d6ba047ab54140dc8b3acff0c0473b6894cf4
font_11_cff_off00024571.bin pdf-font-stream PDF embedded font (cff) at offset 0x24571 4132 bytes
SHA-256: b3ee8f50be3c86422fff5268e1451f0d2633597d04ec3a0660030987f6ad6977
font_12_cff_off000277a1.bin pdf-font-stream PDF embedded font (cff) at offset 0x277A1 2000 bytes
SHA-256: cde6cda64749f353ae17bb8398c56a5826415ff646e0e34d9ddcf7211acd04cf
font_13_cff_off000288c5.bin pdf-font-stream PDF embedded font (cff) at offset 0x288C5 17602 bytes
SHA-256: b651cc3934ca23a056554f3cb3fe33843ee04035b77f9479fe1bac0137939407
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.47, consistent with packed or encrypted content.
font_14_cff_off0002cabe.bin pdf-font-stream PDF embedded font (cff) at offset 0x2CABE 1900 bytes
SHA-256: da3798d6af1bbf5e04a658f39bbb3718c5565936d34e38ee6f1d0a91fc6c634e
font_15_cff_off0002d86e.bin pdf-font-stream PDF embedded font (cff) at offset 0x2D86E 7289 bytes
SHA-256: 04a2309dcf753b39c036e2e7be70328122bdba5e80c032e7053c13bd5f2145da
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.50, consistent with packed or encrypted content.
font_16_cff_off0004d93e.bin pdf-font-stream PDF embedded font (cff) at offset 0x4D93E 11146 bytes
SHA-256: 7d213590ff429031eda2075e3fd7255eeedaf659319c2f8578929ecddb64b0d4
font_17_cff_off00051417.bin pdf-font-stream PDF embedded font (cff) at offset 0x51417 2211 bytes
SHA-256: da4db86c544147a17a692254d19fce4f21b497c328056b46ff5e2862d312e5eb
font_18_cff_off00053295.bin pdf-font-stream PDF embedded font (cff) at offset 0x53295 2108 bytes
SHA-256: 3548ae6ab2bd9a62fa7e0e10e552974fc3bba9f22a195ac57c4b7c5bc8187e0d
font_20_cff_off00059c02.bin pdf-font-stream PDF embedded font (cff) at offset 0x59C02 1197 bytes
SHA-256: c19278956682b91cc7f155f7381ebb93040dd56592a6f5d6f069243836766977
font_21_cff_off0005bdb8.bin pdf-font-stream PDF embedded font (cff) at offset 0x5BDB8 1288 bytes
SHA-256: a5ea022535aa2704ee37aabe96824dae222783b1a0b132e61f93a5d51bab296c
font_22_cff_off00068f50.bin pdf-font-stream PDF embedded font (cff) at offset 0x68F50 1845 bytes
SHA-256: 0d0f7179e6a62c754bc852811e7ddabbdfe412dc4a5f3474661b24b7b8823e82
font_23_cff_off0006b693.bin pdf-font-stream PDF embedded font (cff) at offset 0x6B693 1901 bytes
SHA-256: 10211303a6cc142bdc45b91ae259af94ca8ef9db22920aa22440347f04ec2e89
font_24_cff_off00077915.bin pdf-font-stream PDF embedded font (cff) at offset 0x77915 1538 bytes
SHA-256: 43a7816b66447c0417a02943c17ba5c02320a49236432b58eaff1385b4c79927
font_25_cff_off0007a0cb.bin pdf-font-stream PDF embedded font (cff) at offset 0x7A0CB 1705 bytes
SHA-256: 6891337093c7a242c39030c683f487be354e0385a6fd91bb85b1ec65ebf0b2d1
font_26_cff_off0007d3f1.bin pdf-font-stream PDF embedded font (cff) at offset 0x7D3F1 1357 bytes
SHA-256: 43dab3a2408b9288601408802140dd09cd0244266050c25cd75d84d59748ac9d
font_27_cff_off00219254.bin pdf-font-stream PDF embedded font (cff) at offset 0x219254 1276 bytes
SHA-256: 9dddd511d3efe1890ec867e1b5d19b1159b5951406b116c38a65608cbd635e30
font_28_cff_off0029f9f0.bin pdf-font-stream PDF embedded font (cff) at offset 0x29F9F0 1267 bytes
SHA-256: 5ab5d7eb5e3d3f0ab5ba338807467851b24be91eb33740e07b677ebd19c64784
font_29_cff_off002a2d16.bin pdf-font-stream PDF embedded font (cff) at offset 0x2A2D16 1252 bytes
SHA-256: 6c8e68b6fa33e0b6ceaaf2e7aac7aac35940ab92c74403425337b98afce7cf39
font_30_cff_off002f4024.bin pdf-font-stream PDF embedded font (cff) at offset 0x2F4024 1109 bytes
SHA-256: 2351257f589aaa482d477b14b978f5f0a0a97b09f9c55676a95927f34fe77a56
font_31_cff_off002f64b6.bin pdf-font-stream PDF embedded font (cff) at offset 0x2F64B6 1157 bytes
SHA-256: b4b3170864b2ff7319b19ce088bb9c0d3d4c2c268354a058c749c799f952d23e