PDF static analysis report

Static analysis result for SHA-256 a5da6e189a004e8d…

SUSPICIOUS

PDF

Size: 50.7 KB
Created: 2018-06-25 17:31:24 -04:00
Authoring application: wkhtmltopdf 0.12.4 (via Qt 4.8.7)
First seen: 2026-06-04
MD5: c0c31d3255e50bcf28f16c809cea4dc9
SHA-1: 4c6ebef6b2c97eb555407f9b25fd2aa4d0de8161
SHA-256: a5da6e189a004e8dadfbf8ff54b9027cd2aa3fd8c182a13095674b7ac66d0993
Risk Score: 42

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains embedded URLs, and the PDF URI heuristic fired, indicating an attempt to redirect the user to external content. The document body, though partially garbled, suggests a lure related to a book title, and the 'download button' heuristic further supports a malicious download attempt. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8680

Heuristics 3

  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (severity: info, ID: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://uncpbisdegree.com/download5.php?q=case PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off000077e4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x77E4 | 14416 bytes
    SHA-256: a00e0a11db1758be29da2ae28dea5ec39ce89ce827fae21a90ece71bbb958ef7
font_01_sfnt_off0000a463.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA463 | 9464 bytes
    SHA-256: e15ba1b396fbc0da9774023a7a58a1b9abc6ab8eb880a76ce87d7f12aeb54d19