PDF static analysis report

Static analysis result for SHA-256 a90c40ae40aa3240…

SUSPICIOUS

PDF

3.08 MB Created: 2022-09-19 22:04:09 +00:00 Authoring application: calibre (6.5.0) [https://calibre-ebook.com] First seen: 2026-05-29
MD5: 49845fef73f81dba5e281ae1fce9707c SHA-1: cb739f9b0206925f5bec1718d98f482b92307042 SHA-256: a90c40ae40aa3240a89bc9318a40df1e28dc3972ab20f08303a348fbb77b3250
44 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0092

Heuristics 3

  • Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://www.rizzoli.eu/ PDF link annotation
    • https://calibre-ebook.com])/ModDate(D:20220920000410+01In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://ns.adobe.com/iX/1.0/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/photoshop/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • https://calibre-ebook.comIn PDF document text

Extracted artifacts 8

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_067_off0015fff3.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x15FFF3 1920000 bytes
SHA-256: 3bde59ed335871172b8fb14e88760dd7d55c93cd1f91b0190d4843e2ac308e14
stream_138_off002c86b1.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x2C86B1 8312 bytes
SHA-256: 4c9a4dbaed966e2435d4d85929bbff1e8e8e54765cc53f7cfd2965b458db9245
font_00_sfnt_off000410c6.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x410C6 26344 bytes
SHA-256: 7185344224d6573160261cad9e4d031fc22655048934642a2948f3875199c3cc
font_01_sfnt_off00049cf9.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x49CF9 13576 bytes
SHA-256: f406c593f62b679f2d1ad38324b38b85bf7d027fe3472877c18e40332d64ae48
font_02_sfnt_off0018f16c.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x18F16C 86744 bytes
SHA-256: 8a694aede222a23d0d65c1046fc0776312aaa25db8199a0c5535009749618028
font_03_sfnt_off0019d423.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x19D423 39928 bytes
SHA-256: 276584a70275c7b0dd903692d20ba050ebe950edb281dd39f4500474a2098202
font_04_sfnt_off001a414d.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1A414D 16748 bytes
SHA-256: d7eb5ff9c31b0f485985a50e9f2f750ce94561735fdbf5d152adda9838439fbf
font_05_sfnt_off001a6d46.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1A6D46 21636 bytes
SHA-256: 31e1f927357870860a2bf05dc9dcfff6c29810cd812a66346fdfd2c3ced71938