CLEAN
22
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
-
Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URIPDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://rebrand.ly/d32150 In PDF document text
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_005_off00009a17.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x9A17 | 136864 bytes |
SHA-256: 4991b5a47ce1cd0a0489e1ba4c2dcd6e4d3ca5048174832883aedac1a1afbad3 |
|||
stream_021_off0001e425.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1E425 | 18240 bytes |
SHA-256: 615a5b361ea6f02b14798277ab9d8caff7ded2f7f05019bb378d62bdc34706f0 |
|||
icc_00_off00002318.icc |
pdf-icc-profile | PDF ICC profile at offset 0x2318 | 536 bytes |
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d |
|||
font_00_sfnt_off000028b3.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x28B3 | 34800 bytes |
SHA-256: 7e46fa5700e49b92b4e9e410f51db860d80c2347ff83433545e9580ecabd135e |
|||
font_01_sfnt_off00007d8a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D8A | 55216 bytes |
SHA-256: 4aa68ebf0df73388f08690da7ec2088381875919c02b8af8013b9a6c49f4c1ce |
|||
font_03_sfnt_off00010787.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10787 | 5016 bytes |
SHA-256: 8578fc98a33b75e2e6c5cd992841d9e9df86a323acf62f543fbaa4816f86853a |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.