CLEAN
Risk Score: 6
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1204.002 Malicious File
The PDF file contains embedded JavaScript and is flagged as related to CVE-2023-26369, indicating an attempt to exploit a known vulnerability. The embedded JavaScript stream suggests the execution of malicious code. The presence of external URIs, though not all malicious, points to potential download or redirection activities.
Machine Learning
- Nyx PDF Classifier clean score 0.0002
Heuristics 3
- TrueType bitmap font + active content — CVE-2023-26369 related (info, PDF_CVE_2023_26369_RELATED): PDF embeds a TrueType font with bitmap tables (EBDT/sbix/CBDT) alongside exploit delivery indicators — CVE-2023-26369 exploits the sfac_GetSbitBitmap function in Adobe's libCoolType for arbitrary code execution. This CVE was actively exploited in the wild, but this rule does not validate the malformed EBLC/EBDT primitive.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- http://narodne-novine.nn.hr/clanci/sluzbeni/2014_02_23_426.html (PDF link annotation)
Extracted artifacts 7
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_066_off001835ce.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1835CE | 208092 bytes | 4c991079c0693122b3b5e153c89f76db5764c7ae02c3a2b4891acbdd8086f272 |
| stream_068_off0019c657.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x19C657 | 196548 bytes | c3cedc8a30ac49524e3dddc440b5d4ed7070c6b00f34d276a4a7aa730e9f92be |
| stream_070_off001b3b21.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1B3B21 | 195268 bytes | bb6221abf85a889a55da02ff867ac484e8b02dc1e70ed25d6943bd130560658a |
| stream_072_off001c0bf8.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1C0BF8 | 194656 bytes | dd88ed96a00e1e7ab601d8fdea87832637e78c87daff557ddac6ce965d57b7f5 |
| stream_074_off001cdbb9.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1CDBB9 | 177388 bytes | cdf3de20cd70d159204fcacceee6de6fa52a7fdf681ff1126badeb9c21df2e87 |
| stream_078_off0020771d.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x20771D | 188144 bytes | 2b60f4350b9b2f6ff0a667513536acc2af2734a27c46d80fb91d4eeb32ec4926 |
| stream_080_off0021e238.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x21E238 | 214688 bytes | 8431123d7749cf6e762310bb1d602fb512cdd3f81a44560c0663f97b34b9c866 |