PDF static analysis report

Static analysis result for SHA-256 9e1c3dd33974b68e…

CLEAN

PDF

200.2 KB Authoring application: PyPDF2 First seen: 2025-07-21
MD5: 7e3580050169bffe18b57821a24e384f SHA-1: fb7ef69ca53d86f2251b9996a24684a2ade0dae8 SHA-256: 9e1c3dd33974b68eb1f977ad9ccc804a0a95227219d5304648611d420ae9713b
22 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0002

Heuristics 2

  • Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URI
    PDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://rebrand.ly/c40yshn In PDF document text
    • http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
    • http://www.microsoft.com/typography/ctfontshttp://www.fonts.comMicrosoftIn PDF document text
    • http://www.microsoft.com/typography/fonts/default.aspxIn PDF document text

Extracted artifacts 6

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_006_off00019aac.js decompressed-pdf-stream PDF FlateDecoded stream at offset 0x19AAC 7693 bytes
SHA-256: 3f69155fa489b283af736e5bbec3d04001757869249507c78688ae26ba987890
font_00_sfnt_off00000a60.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xA60 30492 bytes
SHA-256: 360dd59a8abc3ca09dccff024723e23d6dd800441764530b1c2d7b0045b64d0f
font_01_sfnt_off00004d6f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x4D6F 58068 bytes
SHA-256: df7f630c354e3707d09a7d7d3edf38d32c18f73d492e25755e0a5b7d08dabd04
font_02_sfnt_off0001c603.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1C603 48312 bytes
SHA-256: ba9f42fbaffc705dc860ae9ffad839cf33de85e6d4447b65ae0530d5bf61a2c1
font_03_sfnt_off00023a0e.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x23A0E 18276 bytes
SHA-256: c11aab122a0eb992397f5fe8197613fe231f9475f752d48ecee91efab697e137
font_04_sfnt_off000263e3.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x263E3 58156 bytes
SHA-256: baaea521a91cca4912607cf63c685ec419a042e5c6045d7d4b6e1f148526b487