PDF static analysis report

Static analysis result for SHA-256 9bb360fa4957b40e…

CLEAN

PDF

4.02 MB Created: 2020-01-01 23:20:57 +01:00 Authoring application: Microsoft® Word 2013 First seen: 2020-09-24
MD5: 8854fbe77845eae0866929366660b4d9 SHA-1: 5c90f52cd347ffda9f97dab0056bb178a4aef095 SHA-256: 9bb360fa4957b40ec7b1fdb12bc79b5421308be928d41352d6b6afa53a0a19d6
6 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0019

Heuristics 3

  • TrueType bitmap font + active content — CVE-2023-26369 related info CVE related PDF_CVE_2023_26369_RELATED
    PDF embeds a TrueType font with bitmap tables (EBDT/sbix/CBDT) alongside exploit delivery indicators — CVE-2023-26369 exploits the sfac_GetSbitBitmap function in Adobe's libCoolType for arbitrary code execution. This CVE was actively exploited in the wild, but this rule does not validate the malformed EBLC/EBDT primitive.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://ffoad.fied.fr/information/theme5.php In PDF document text
    • https://www.profweb.ca/publications/articles/comment-integrer-les-licences-creative-commons-dans-vos-coursIn PDF document text
    • https://guillaumedeziel.com/complements/creative-commons-101-fr/In PDF document text
    • https://pedagogienumeriqueenaction.cforp.ca/wp-content/uploads/2016/02/Ontario-21st-century-competencies-foundation-FINAL-FR_AODA_EDUGAINS_Feb-19_16.pdfIn PDF document text
    • https://pedagogienumeriqueenaction.cforp.ca/wp-content/uploads/2016/03/Definir-les-competences-du-21e-siecle-pour-l_Ontario-Document-de-reflexion-phase-1-2016.pdfIn PDF document text
    • http://omafor.technoeducative.com/180524_The_12_core_life_skills_All_FR_Web.pdfIn PDF document text
    • http://www.ticemed.eu/colloques/In PDF document text
    • http://www.ticemed.eu/app/download/23659149/Pr%C3%A9-actes+Ticemed11+v180403.pdfIn PDF document text
    • https://www.vteducation.org/fr/articles/collaboration-avec-les-technologies/usages-pedagogiques-des-tic-de-la-consommation-a-laIn PDF document text
    • http://www.tousalecole.fr/content/infirmit%C3%A9-motrice-c%C3%A9r%C3%A9brale-imc-paralysie-c%C3%A9r%C3%A9brale-bepIn PDF document text
    • https://www.dessinemoiuneidee.org/2019/09/amenagements-raisonnables-fiches-comprendre-ameliorer-eleves.html?fbclid=IwAR03T5wrICWCoTVFrrUCUyHXOqJEiNGoPQpMrAsqyq4caUv1o4IrX_ITIhY#daltonismeIn PDF document text
    • https://www.profweb.ca/publications/articles/comment-integrer-les-licences-creative-commons-dans-In PDF document text
    • https://pedagogienumeriqueenaction.cforp.ca/wp-content/uploads/2016/02/Ontario-21st-century-In PDF document text
    • https://pedagogienumeriqueenaction.cforp.ca/wp-content/uploads/2016/03/Definir-les-competences-du-In PDF document text
    • https://www.vteducation.org/fr/articles/collaboration-avec-les-technologies/usages-pedagogiques-des-In PDF document text
    • http://www.tousalecole.fr/content/infirmit%C3%A9-motrice-c%C3%A9r%C3%A9brale-imc-paralysie-In PDF document text
    • https://www.dessinemoiuneidee.org/2019/09/amenagements-raisonnables-fiches-comprendre-In PDF document text
    • https://mlbesson.weebly.com/syllabes-In PDF document text
    • http://lirecouleur.arkaline.fr/telechargeIn PDF document text
    • https://mlbesson.weebly.com/logicielsIn PDF document text
    • https://mlbesson.weebly.com/studys---In PDF document text
    • https://www.pictoselector.eu/fr/In PDF document text
    • http://www.arasaac.org/In PDF document text
    • http://www.sclera.be/fr/picto/overviewIn PDF document text
    • http://idee-association.org/les-In PDF document text
    • https://lexibar.ca/fr/accueilIn PDF document text
    • http://www.memo-flash.com/fr/homeIn PDF document text
    • https://framakey.org/telecharger/appliIn PDF document text
    • http://www.informatique-In PDF document text
    • http://www.dedys.fr/index.htmlIn PDF document text
    • https://www.letmetalk.info/frIn PDF document text
    • http://lecoleopensource.fr/matheos/In PDF document text
    • http://www.attrape-In PDF document text
    • http://www.thenumberrace.com/nr/hoIn PDF document text
    • https://www.mail2voice.org/index.php/In PDF document text
    • https://framakey.org/telechargerIn PDF document text
    • http://www.karsenti.ca/30cfer.pdfIn PDF document text
    • https://zacbrowser.com/In PDF document text
    • http://wiki.primtux.fr/doku.php/primtuIn PDF document text
    • http://wiki.primtux.fr/lib/exe/fetch.phpIn PDF document text
    • http://inshea.fr/sites/default/files/wwIn PDF document text
    • http://www.learnenjoy.com/In PDF document text
    • https://dico.elix-lsf.fr/In PDF document text
    • https://www.lexiclic.fr/In PDF document text
    • https://cahiersfantastiques.fr/texte-en-In PDF document text
    • https://rogervoice.com/fr/In PDF document text
    • https://www.geeksandcom.com/2014/In PDF document text
    • http://applications-In PDF document text
    • http://blog.espe-bretagne.fr/prodm1vannes/le-numerique-a-lecole-maternelle-quels-usages-pour-quels-In PDF document text
    • https://pragmatice.net/activites_mathematiIn PDF document text
    +190 more URL(s)

Extracted artifacts 5

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_137_off00148b15.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x148B15 46458 bytes
SHA-256: 6af57bed63b9a30b01037dcf7d50ea6aa65da2725634869560a8404fa2b8c1f5
stream_147_off00167239.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x167239 86154 bytes
SHA-256: b98900cbe2a75e28ab5b89124d4e7185873621f2f4b90fa66e25f266bac087c0
stream_164_off00203baa.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x203BAA 646080 bytes
SHA-256: 70312769e8f8500d27435b9b9aed9040570bbcb7aae1343361554f86b55624ef
stream_165_off0023e3e6.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x23E3E6 615920 bytes
SHA-256: b528a34bb11f54a32c90b7397de963c0e57240dd186a365ce8633d3c755983d4
stream_167_off00278955.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x278955 381908 bytes
SHA-256: 81f7c431348e37ef51dff90b730c2ba8766dcc501b300a1852e631d1cfa6b60c