PDF static analysis report

Static analysis result for SHA-256 aea9d419b5d55eba…

CLEAN

PDF

Size: 196.6 KB
Created: 2026-04-22 07:44:20 +00:00
Authoring application: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/144.0.0.0 Safari/537.36 (via Skia/PDF m144)
First seen: 2026-05-10
MD5: 195c443c0e4f6c40d428b5a483978149
SHA-1: df81fe60b395b4df9dd8abfa2a2ee91112394efe
SHA-256: aea9d419b5d55ebafe7aa8e358934a43fdfcfed7525bc48614780bb8b11b0ecd
Risk Score: 24

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 3

  • Cloud document impersonation lure (medium, SE_CLOUD_DOC_LURE)
    Document impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://secure-web.cisco.com/1Kf65trtwukO12AvwyT8Sewt5fOwJQuBXMJ8Ofnz_UKi046O2-9pzaUHwORKswsum51PMXyZ2Ypj8GqGqUZSZpVmEtne5zqC4gvFk08iyDdyZ6w3sjGWVn58xAJXdg1xP2gCMrnvx6NtjSuj-48pwO7UhqOqDs4FXcTn4mHgNmse2Fw7Smr8L3mDFpK8xdO0-3VGN0QtcDwVU590ESC5kC9G1jiWsTL6OEbaByyb8nwZNCphuqBld64j_6yChUjo0OtNAAs44vkqodbNTTwOfTe8gEQPWg0DcanymKkQOlWO_TRyoTGmFXmTzwDW_RkNGP6uRD2Nkouiv3jqcKF6sKqHM68Cpt54-CBDDW8jT3lOV-p5dO1-QWqR0p46c_6dAyWnAcbvn8YYUJyvIDObHDqBRHJCAKUMPFzZeS2oWIN4/https%3A%2F%2Fbeautymedicalthailand.com%2Fwp-includes%2Ftheme-compat%2Fzhxmepn%2Famgnwyv%2F1sjxiwz%2Fcss%2Fov0654490%2Fserver06%2Fwpserver%2F#amF5YW50Lmtlc2FyYWxpa2FyQG1haGluZHJhLmNvbQ== In PDF document text
    • https://secure-web.cisco.com/1Kf65trtwukO12AvwyT8Sewt5fOwJQuBXMJ8Ofnz_UKi046O2-9pzaUHwORKswsum51PMXyZ2Ypj8GqGqUZSZpVmEtne5zqC4gvFk08iyDdyZ6w3sjGWVn58xAJXdg1xP2gCMrnvx6NtjSuj-48pwO7UhqOqDs4FXcTn4mHgNmse2Fw7Smr8L3mDFpK8xdO0-3VGN0QtcDwVU590ESC5kC9G1jiWsTL6OEbaByyb8nwZNCphuqBld64j_6yChUjo0OtNAAs44vkqodbNTTwOfTe8gEQPWg0DcanymKkQOlWO_TRyoTGmFXmTzwDW_RkNGP6uRD2Nkouiv3jqcKF6sKqHM68Cpt54-CBDDW8jT3lOV-p5dO1-QWqR0p46c_6dAyWnAcbvn8YYUJyvIDObHDqBRHJCAKUMPFzZeS2oWIN4/https%3A%2F%2Fbeautymedicalthailand.com%2FPDF link annotation

Extracted artifacts 7

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_002_off00009d94.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x9D94 315074 bytes
SHA-256: 247ce851d008abb71a4d42b4099f25ac8eb1c9d97e79bf6fdcf8425045de2281
icc_00_off00000181.icc pdf-icc-profile PDF ICC profile at offset 0x181 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_00_sfnt_off00022c45.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x22C45 13812 bytes
SHA-256: dca97cdd982f7b11e49fcdebcfb90e5c919d8f9d12a8fcc4ee1390ba98a67516
font_01_sfnt_off0002413e.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2413E 27928 bytes
SHA-256: 3b7746a94e1e2f6afae4f4c1ae416a76d880baf1d331d470fe80d5fa9830afb1
font_02_sfnt_off0002830d.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2830D 17172 bytes
SHA-256: 8cf084ed2dc631d844810724af48048f5a59d26db6d09d5225546a3112ec4725
font_03_sfnt_off0002a99b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2A99B 20516 bytes
SHA-256: 1eff4abfe1f5b340b8105898199efc19f68ac54acc5554db359ba5aab61e4e53
font_04_sfnt_off0002da45.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x2DA45 19992 bytes
SHA-256: 2a575f04b8f6b2e7eeee77794dde01f1bd6bd08a5a8e3aca8a59cff89ee48bdb