PDF static analysis report

Static analysis result for SHA-256 a2c783c8f66cfe0f…

CLEAN

PDF

9.93 MB
Authoring application: Nitro PDF Professional 6
First seen: 2017-03-23
MD5: 5aacf9c23c0f2cc7ef24eb8e8037e1b1 SHA-1: ded17c9eedfbe84212e7f5da632d842411544ae0 SHA-256: a2c783c8f66cfe0f928e1c368dc09f26035dbc0487b7ca447460f9950fe42944
Risk Score: 6

Machine Learning

  • Nyx PDF Classifier clean score 0.0202

Heuristics 3

  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 8

Files carved from inside the sample during analysis.

Filename Kind Source Size
stream_014_off00070cbb.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x70CBB 198572 bytes
SHA-256: 14801aa778b3da642fa0ef0dca2fb9f6b52c78cfc3ac63fac50c873d89252c2c
font_00_sfnt_off00001653.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1653 54792 bytes
SHA-256: 67fc207b1f350a5bbb87c316a7b1c083fb56e8d21272a3a581e827538492fb7a
font_02_sfnt_off00013841.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x13841 169476 bytes
SHA-256: a6eacb5f4c318f191f5c7ef56b8a9d24965db43dd12e86dc8eafc984e1163d47
font_03_sfnt_off000268fd.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x268FD 54520 bytes
SHA-256: 4e49a2d55be905e94718d8698d2acdf497009d2fbf6c7c1516c4c3fe5a3f73d9
font_05_sfnt_off0005b841.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x5B841 183164 bytes
SHA-256: fe4e1381826eb65041f92ce379e5272824c0cb80475e8936cbb36cac048b6601
font_07_sfnt_off00087fd4.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x87FD4 95732 bytes
SHA-256: 6caf2609d8a57dd765ef3bec44ba0f10dfdb1ae065bf0bbcbbcb1152af1b75ef
font_18_sfnt_off008673df.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8673DF 183320 bytes
SHA-256: 90a5614769b83f794e8152d540a4397dba13d2777ea31a5980e9c677eef57efc
font_29_sfnt_off009852fd.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x9852FD 183120 bytes
SHA-256: 8e5bf54a304c395f86c21e2796c928de1c40e8b2eaa7c6e1810315f0f1ff8df3