SUSPICIOUS
Risk Score: 44
Machine Learning
- Nyx PDF Classifier: clean, score 0.0092
Heuristics 3
- Password-protected archive handoff (high, SE_PASSWORD_ARCHIVE_LURE): Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://www.rizzoli.eu/ (PDF link annotation)
  - https://calibre-ebook.com])/ModDate(D:20220920000410+01 (In PDF document text)
  - http://ns.adobe.com/xap/1.0/ (In PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
  - http://ns.adobe.com/iX/1.0/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/sType/ResourceEvent# (In PDF document text)
  - http://purl.org/dc/elements/1.1/ (In PDF document text)
  - http://ns.adobe.com/photoshop/1.0/ (In PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (In PDF document text)
  - https://calibre-ebook.com (In PDF document text)
Extracted artifacts 8
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_067_off0015fff3.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x15FFF3 | 1920000 bytes | 3bde59ed335871172b8fb14e88760dd7d55c93cd1f91b0190d4843e2ac308e14 |
| stream_138_off002c86b1.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2C86B1 | 8312 bytes | 4c9a4dbaed966e2435d4d85929bbff1e8e8e54765cc53f7cfd2965b458db9245 |
| font_00_sfnt_off000410c6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x410C6 | 26344 bytes | 7185344224d6573160261cad9e4d031fc22655048934642a2948f3875199c3cc |
| font_01_sfnt_off00049cf9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x49CF9 | 13576 bytes | f406c593f62b679f2d1ad38324b38b85bf7d027fe3472877c18e40332d64ae48 |
| font_02_sfnt_off0018f16c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18F16C | 86744 bytes | 8a694aede222a23d0d65c1046fc0776312aaa25db8199a0c5535009749618028 |
| font_03_sfnt_off0019d423.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19D423 | 39928 bytes | 276584a70275c7b0dd903692d20ba050ebe950edb281dd39f4500474a2098202 |
| font_04_sfnt_off001a414d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A414D | 16748 bytes | d7eb5ff9c31b0f485985a50e9f2f750ce94561735fdbf5d152adda9838439fbf |
| font_05_sfnt_off001a6d46.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A6D46 | 21636 bytes | 31e1f927357870860a2bf05dc9dcfff6c29810cd812a66346fdfd2c3ced71938 |