PDF static analysis report

Static analysis result for SHA-256 a3c7fc8239a24615…

CLEAN

PDF

113.2 KB Created: ƒŸ²)OC032û݈Ôł:031™021ò®&©Ä°7ž¶012»Á002000ê³øI´÷ÚËØš¢004.qÝ Authoring application: ƒŸ²)OC032û݈Ôł:031Ö:ÕÁÞ»'016&|1þÊsð-üù¥¢%^005r̚\U$015^º011)ÒAÜô!ÃìÛÈÑ^¸ (via ƒŸ²)OC032û݈Ôł:031n5k¤©Ö026÷@032021P›¨«ÀJ006ký†êðœŸ@¯ŸÙVê010è!Úï022ã{1”ó~‡(§027|üoû002—û¬á¤Fa0365) First seen: 2026-05-28
MD5: 0545e2bc42ca130601ad700ecfaa95c2 SHA-1: 3d9c77e2d8f480b334d4f9d0bc350092415aa981 SHA-256: a3c7fc8239a2461586ca505e84ad55f00ce8dc8efde37762bf76b381c142a300
24 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0003

Heuristics 3

  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 2 image(s), only 0 text block(s), carries a click-outward action, and is only 113 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • Encrypted PDF (string and stream contents are opaque to static scan) info PDF_ENCRYPTED
    PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://wwww.microsoft.com0 In extracted file (font_10_sfnt_off00016b20.bin)
    • http://www.iec.chIn extracted file (icc_02_off0000571c.icc)
    • https://docs.microsoft.com/typography/abouthttp://lucasfonts.comMicrosoftIn extracted file (font_10_sfnt_off00016b20.bin)
    • http://en.wikipedia.org/wiki/MIT_LicenseIn extracted file (font_10_sfnt_off00016b20.bin)
    • http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0ZIn extracted file (font_10_sfnt_off00016b20.bin)
    • http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0In extracted file (font_10_sfnt_off00016b20.bin)
    • http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0ZIn extracted file (font_10_sfnt_off00016b20.bin)
    • http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0��In extracted file (font_10_sfnt_off00016b20.bin)
    • http://www.microsoft.com/PKI/docs/CPS/default.htm0@In extracted file (font_10_sfnt_off00016b20.bin)
    • http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0ZIn extracted file (font_10_sfnt_off00016b20.bin)
    • http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0In extracted file (font_10_sfnt_off00016b20.bin)

Extracted artifacts 14

Files carved from inside the sample during analysis.

FilenameKindSourceSize
icc_00_off0000128d.icc pdf-icc-profile PDF ICC profile at offset 0x128D 4508 bytes
SHA-256: 73d504558e7d03ef4ff2676ba62c7553ee5bd856b45da2d330e33e012ad61fb3
icc_01_off00002271.icc pdf-icc-profile PDF ICC profile at offset 0x2271 1992 bytes
SHA-256: 49429d4dd70f439f6fa47a298e5ffbd280375d2cbd18708b1e05a34aafe5d219
icc_02_off0000571c.icc pdf-icc-profile PDF ICC profile at offset 0x571C 3144 bytes
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
font_00_sfnt_off00007dc9.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x7DC9 26240 bytes
SHA-256: 96ea4ff306ecf6c3a271dec961eca17c61304cf5f4a058e39a0dbe235055e704
font_01_sfnt_off0000c7cf.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC7CF 8080 bytes
SHA-256: 5a1d55a3bee42780857a57d0289a544ded2c99103678c0ebfedb049c9eb24888
font_02_sfnt_off0000da86.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xDA86 7724 bytes
SHA-256: bb1d1708fa3c3b23156a1c5c15f7357359a4b5486dff1d7111b13a94eb7e6b00
font_03_sfnt_off0000ec6c.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xEC6C 4308 bytes
SHA-256: beada47e3d983ec9aa3dd238748650608673722bf99709a17d13dfa8c7fe38b2
font_04_sfnt_off0000f6db.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xF6DB 15112 bytes
SHA-256: a7c4412069d11975a9b154850c72486a429a94dea616324844c9a73c426bf658
font_05_sfnt_off0001119c.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1119C 8412 bytes
SHA-256: f21823420d74a52f41793e9262e0721f7da687bc14e1adeb2f99037dc1a981cc
font_06_sfnt_off00012765.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x12765 11532 bytes
SHA-256: 3337c773edb4142cf5cd3ae407d3e874219835d722894ef5ccbe13b76e280a85
font_07_sfnt_off0001409b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1409B 10220 bytes
SHA-256: 4c43984b3c3c62e68dadb32ea3d088e7942dad1bb4778c22405490d0ae5a85b3
font_08_sfnt_off000159db.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x159DB 1252 bytes
SHA-256: ce5eb735b4a14f4bde457c52d0ad75f6ce53e190883c9459f49b41bb3a713bed
font_09_sfnt_off00015d4b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x15D4B 6296 bytes
SHA-256: 6cfb84c082a5c8c7b653a1889603d5940cff632e800ff3c0b6a2f308258aa42c
font_10_sfnt_off00016b20.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x16B20 83164 bytes
SHA-256: 19c65fe8142cd32a4c48a581ec605464f23c642de961708c92ed0221b4c88d3b