PDF static analysis report

Static analysis result for SHA-256 a1696ab6c0e8f36c…

CLEAN

PDF

Size: 534.2 KB
Created: 2001-12-03 09:29:02 UTC
Authoring application: tiff2ps (via Acrobat Distiller 4.05 for Windows)
First seen: 2026-05-11
MD5: ef08cef0b95137157c2f6f623d171697
SHA-1: 7b52c83f29c6deb01a4ea06d3afda5db9cabee83
SHA-256: a1696ab6c0e8f36c8ceef74f9bf4b1d1f908cdad950316070019b2a23c3b4272
Risk Score: 10

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment

The PDF file exhibits suspicious characteristics, including the use of ASCII85Decode filters with exploit indicators. While the document body is heavily obfuscated and contains no readable text, the presence of embedded URLs suggests an attempt to direct the user to external resources. The heuristics indicate a potential for exploit delivery, but without further script analysis or clear textual lures, the exact attack pattern remains uncertain. The benign reputation of the extracted URLs reduces confidence in a direct payload download from those specific links.

Machine Learning

  • Nyx PDF Classifier clean score 0.0004

Heuristics 2

  • ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85
    ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.come.to/bionrj (In PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
    • http://ns.adobe.com/iX/1.0/ (In PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/ (In PDF document text)
    • http://purl.org/dc/elements/1.1/ (In PDF document text)