PDF static analysis report

Static analysis result for SHA-256 aee02afa3b0dc1ba…

CLEAN

PDF

Size: 2.07 MB
Created: 2008-10-08 01:24:49 UTC
Authoring application: 3B2 Total Publishing System 8.07v/W Unicode (via Acrobat Distiller 5.0 (Windows))
First seen: 2014-11-01
MD5: 9328aa034b7e9f6738342e67a44b7d7a
SHA-1: c086f2a0456d604647b36f15060558db7d1f8143
SHA-256: aee02afa3b0dc1bae100f7f40f78f90ae75b605413931336970518dfd158c580
Risk Score: 6

Machine Learning

  • Nyx PDF Classifier clean score 0.0020

Heuristics (3)

  • Remote GoTo action (info, PDF_GOTO_REMOTE)
    PDF has GoToR/GoToE actions that reference sibling document files — typical of multi-part document bundles
  • Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.pioneer-rus.ru [In PDF document text]
    • http://www.linotype.com/fontdesignershttp://www.linotype.com/license [In PDF document text]
    • http://www.monotype.comMonotype [In PDF document text]
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# [In PDF document text]
    • http://purl.org/dc/elements/1.1/ [In PDF document text]
    • http://ns.adobe.com/xap/1.0/ [In PDF document text]
    • http://ns.adobe.com/xap/1.0/g/img/ [In PDF document text]
    • http://ns.adobe.com/xap/1.0/mm/ [In PDF document text]
    • http://ns.adobe.com/pdf/1.3/ [In PDF document text]
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef# [In PDF document text]
    • http://www.monotype.com/html/mtname/ms_timesnewroman.htmlhttp://www.monotype.com/html/mtname/ms_welcome.htmlhttp://www.monotype.com/html/type/license.html [In PDF document text]

Extracted artifacts (32)

Files carved from inside the sample during analysis.

Filename  Kind  Source  Size
stream_000_off00000458.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x458 9094 bytes
SHA-256: 13418b322df8f0c24c5dc66f8c869c15c90aeefa237b9efc7189f254fb017222
stream_024_off0003bc8a.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x3BC8A 17833 bytes
SHA-256: 2d894d5c56109d15e7f5a82e0d2a56dc798f6e18a89615e9a78a58f41aefb115
Detection
ClamAV: No threats found
Obfuscation or payload: likely
308 of 455 identifiers look randomly generated (e.g. 'Mc1vpdnBNHPA0csVtCjqfWTdWVQRiqdYVdirsVdi'); 2 string-concatenation chain(s) — consistent with name-mangling obfuscation.
stream_110_off0010e170.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x10E170 12694 bytes
SHA-256: b16561a86d12ad4c3b42b683862961cb5191a17239c31bd8300c70b77855aa5b
Detection
ClamAV: No threats found
Obfuscation or payload: likely
215 of 344 identifiers look randomly generated (e.g. 'obHwFMHR4SNCFVJicvEzJDRDghaSUyWiY7LCB3PS'); 2 string-concatenation chain(s) — consistent with name-mangling obfuscation.