CLEAN
Risk Score: 24
Machine Learning
- Nyx PDF Classifier: clean, score 0.0003
Heuristics (3)
- Image-only document with action trigger (screenshot lure) [medium, PDF_IMAGE_LURE]: PDF has 2 image(s), only 0 text block(s), carries a click-outward action, and is only 113 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Encrypted PDF (string and stream contents are opaque to static scan) [info, PDF_ENCRYPTED]: PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://wwww.microsoft.com0 (in extracted file font_10_sfnt_off00016b20.bin)
  - http://www.iec.ch (in extracted file icc_02_off0000571c.icc)
  - https://docs.microsoft.com/typography/abouthttp://lucasfonts.comMicrosoft (in extracted file font_10_sfnt_off00016b20.bin)
  - http://en.wikipedia.org/wiki/MIT_License (in extracted file font_10_sfnt_off00016b20.bin)
  - http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z (in extracted file font_10_sfnt_off00016b20.bin)
  - http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0 (in extracted file font_10_sfnt_off00016b20.bin)
  - http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z (in extracted file font_10_sfnt_off00016b20.bin)
  - http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 (in extracted file font_10_sfnt_off00016b20.bin)
  - http://www.microsoft.com/PKI/docs/CPS/default.htm0@ (in extracted file font_10_sfnt_off00016b20.bin)
  - http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z (in extracted file font_10_sfnt_off00016b20.bin)
  - http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 (in extracted file font_10_sfnt_off00016b20.bin)
Extracted artifacts (14)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| icc_00_off0000128d.icc | pdf-icc-profile | PDF ICC profile at offset 0x128D | 4508 bytes | 73d504558e7d03ef4ff2676ba62c7553ee5bd856b45da2d330e33e012ad61fb3 |
| icc_01_off00002271.icc | pdf-icc-profile | PDF ICC profile at offset 0x2271 | 1992 bytes | 49429d4dd70f439f6fa47a298e5ffbd280375d2cbd18708b1e05a34aafe5d219 |
| icc_02_off0000571c.icc | pdf-icc-profile | PDF ICC profile at offset 0x571C | 3144 bytes | 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e |
| font_00_sfnt_off00007dc9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7DC9 | 26240 bytes | 96ea4ff306ecf6c3a271dec961eca17c61304cf5f4a058e39a0dbe235055e704 |
| font_01_sfnt_off0000c7cf.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC7CF | 8080 bytes | 5a1d55a3bee42780857a57d0289a544ded2c99103678c0ebfedb049c9eb24888 |
| font_02_sfnt_off0000da86.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDA86 | 7724 bytes | bb1d1708fa3c3b23156a1c5c15f7357359a4b5486dff1d7111b13a94eb7e6b00 |
| font_03_sfnt_off0000ec6c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC6C | 4308 bytes | beada47e3d983ec9aa3dd238748650608673722bf99709a17d13dfa8c7fe38b2 |
| font_04_sfnt_off0000f6db.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6DB | 15112 bytes | a7c4412069d11975a9b154850c72486a429a94dea616324844c9a73c426bf658 |
| font_05_sfnt_off0001119c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1119C | 8412 bytes | f21823420d74a52f41793e9262e0721f7da687bc14e1adeb2f99037dc1a981cc |
| font_06_sfnt_off00012765.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12765 | 11532 bytes | 3337c773edb4142cf5cd3ae407d3e874219835d722894ef5ccbe13b76e280a85 |
| font_07_sfnt_off0001409b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1409B | 10220 bytes | 4c43984b3c3c62e68dadb32ea3d088e7942dad1bb4778c22405490d0ae5a85b3 |
| font_08_sfnt_off000159db.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x159DB | 1252 bytes | ce5eb735b4a14f4bde457c52d0ad75f6ce53e190883c9459f49b41bb3a713bed |
| font_09_sfnt_off00015d4b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15D4B | 6296 bytes | 6cfb84c082a5c8c7b653a1889603d5940cff632e800ff3c0b6a2f308258aa42c |
| font_10_sfnt_off00016b20.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16B20 | 83164 bytes | 19c65fe8142cd32a4c48a581ec605464f23c642de961708c92ed0221b4c88d3b |