CLEAN
22
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
-
Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URIPDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://tinyurl.com/ycxj2swb In PDF document text
🗂 Part of campaign:
awsmovie.com
13 samples
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_015_off0001ec17.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1EC17 | 104920 bytes |
SHA-256: 75c1ce47c462f019e3e71661caea1e71064d73df97dfeee032f0d041491dc857 |
|||
icc_00_off000000c7.icc |
pdf-icc-profile | PDF ICC profile at offset 0xC7 | 536 bytes |
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d |
|||
font_00_sfnt_off0001982b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1982B | 29148 bytes |
SHA-256: a4d3b19863990c17abe56085cb48799d9566c19438c75851bf2888f6eeae0942 |
|||
font_01_sfnt_off0001d799.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1D799 | 49744 bytes |
SHA-256: b9a573c967cd26a043a049d2ca0822e193ef121c60fdbfe8cabb00ebea63971f |
|||
font_03_sfnt_off00027b5f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x27B5F | 12396 bytes |
SHA-256: 82d05006aa91a0c39e415004897ee1fd2f892f549793954f6b5261182c96e8d6 |
|||
font_04_sfnt_off000298df.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x298DF | 182388 bytes |
SHA-256: e04311bd1333413d0b4d4d7e974a6c79cd2d35c0c769b057a005106956f0fa6e |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.