CLEAN
Risk Score: 6
Machine Learning
- Nyx PDF Classifier clean score 0.0020
Heuristics 3
- Remote GoTo action | info | PDF_GOTO_REMOTE: PDF has GoToR/GoToE actions that reference sibling document files, typical of multi-part document bundles.
- Suspicious extracted artifact | info | EXTRACTED_FILE_STATIC_TRIAGE: One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL | info | EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://www.pioneer-rus.ru (In PDF document text)
  - http://www.linotype.com/fontdesignershttp://www.linotype.com/license (In PDF document text)
  - http://www.monotype.comMonotype (In PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
  - http://purl.org/dc/elements/1.1/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/g/img/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (In PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/sType/ResourceRef# (In PDF document text)
  - http://www.monotype.com/html/mtname/ms_timesnewroman.htmlhttp://www.monotype.com/html/mtname/ms_welcome.htmlhttp://www.monotype.com/html/type/license.html (In PDF document text)
Extracted artifacts 32
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_000_off00000458.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x458 | 9094 bytes |
| stream_024_off0003bc8a.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3BC8A | 17833 bytes |
| stream_110_off0010e170.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x10E170 | 12694 bytes |

Per-file details:
- stream_000_off00000458.bin
  - SHA-256: 13418b322df8f0c24c5dc66f8c869c15c90aeefa237b9efc7189f254fb017222
- stream_024_off0003bc8a.bin
  - SHA-256: 2d894d5c56109d15e7f5a82e0d2a56dc798f6e18a89615e9a78a58f41aefb115
  - Detection: ClamAV: No threats found
  - Obfuscation or payload: likely. 308 of 455 identifiers look randomly generated (e.g. 'Mc1vpdnBNHPA0csVtCjqfWTdWVQRiqdYVdirsVdi'); 2 string-concatenation chain(s), consistent with name-mangling obfuscation.
- stream_110_off0010e170.bin
  - SHA-256: b16561a86d12ad4c3b42b683862961cb5191a17239c31bd8300c70b77855aa5b
  - Detection: ClamAV: No threats found
  - Obfuscation or payload: likely. 215 of 344 identifiers look randomly generated (e.g. 'obHwFMHR4SNCFVJicvEzJDRDghaSUyWiY7LCB3PS'); 2 string-concatenation chain(s), consistent with name-mangling obfuscation.