PDF static analysis report

Static analysis result for SHA-256 995f8034165e5661…

CLEAN

PDF

2.64 MB
Created: 2017-06-20 19:07:04 +02:00
Authoring application: Microsoft® Word 2013
First seen: 2020-09-24
MD5: b6738f8bfbb7c75d1dd86db911ff72db SHA-1: ee2105d214466a21dff0efae609c05472040efe5 SHA-256: 995f8034165e56616a04b133772102a2494a43e8b3ee21890de9795e0e4c5771
Risk Score: 6

Machine Learning

  • Nyx PDF Classifier clean score 0.0011

Heuristics 3

  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.pce-instruments.com/ PDF link annotation

Extracted artifacts 7

Files carved from inside the sample during analysis.

Filename  Kind  Source  Size
stream_072_off001cd916.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1CD916 329556 bytes
SHA-256: 500c6742654e2b34e34f2561d425ebd709f002d1668392e13b42493b920ba40e
stream_073_off001e950e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1E950E 299796 bytes
SHA-256: 63376a763f43b52bd7bbc68a19e02197dbbdb52108ff3f4afc38d989f9e1137d
stream_074_off00200ae2.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x200AE2 724164 bytes
SHA-256: 23f0eded9d0c218eeb38a5002d3b2c3905e78796badc315ebe8727cde2e9c06b
stream_076_off0021525c.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x21525C 222904 bytes
SHA-256: 85ff0cf2ffa6f8882b811310fcaf20f02a1f74a296017f5febe118a807b9630b
font_00_sfnt_off0023c985.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x23C985 44187 bytes
SHA-256: a83d5f0231b8ac28bb68221662d5d2321f17ffdf0393b8440fba39d92fdd3c18
font_01_sfnt_off0025e930.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x25E930 55831 bytes
SHA-256: 9ee7e98d2e63c88e5b2d118b926f7f77180e9996f71d9a530fe21c58d9fee1ed
font_02_sfnt_off00268053.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x268053 44187 bytes
SHA-256: bb23af53a7127c7f6f652827b0932ce40705f1739d9bfc3f8c006807bf1f32cb