PDF static analysis report

Static analysis result for SHA-256 9b346f0c347bcaf6…

SUSPICIOUS

PDF

41.7 KB Authoring application: iLovePDF First seen: 2026-05-29
MD5: d1364b59e4307562f1ef0a3b68b1ac32 SHA-1: c5065a88f26a5715d839b5a5a266a2a09e89a831 SHA-256: 9b346f0c347bcaf67ea91872fb9c3389354cd6c549b3535dd66b721a22f93d3c
44 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 3

  • Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://spai.secureddocz.workers.dev/ PDF link annotation

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
icc_00_off00002883.icc pdf-icc-profile PDF ICC profile at offset 0x2883 456 bytes
SHA-256: 12afb4d9953adee0607d347daee5b78b18d6b3cab2d572b88970703f5edb37bc