PDF static analysis report

Static analysis result for SHA-256 b2ca9c6859598255…

CLEAN

PDF

30.6 KB Created: 2024-07-08 08:25:37 -07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2024-07-09
MD5: 123318c2c20cf6aa5de61ed0b811e864 SHA-1: 0b29994efc1907e20d997f4292d066d20a7cf810 SHA-256: b2ca9c6859598255cd92700de1c217a595adb93093a43995c8bb7af94974f067
24 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0070

Heuristics 3

  • Document signing service impersonation lure medium SE_DOCUSIGN_LURE
    Document impersonates DocuSign, Adobe Sign, or a similar signing service in a signing-request context
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://insidesales-email.com/l/1/17013924/Y/useast1-a-2022.08.23-17968506/1/ab/qRKMXSxLNNykbRYfIp4Gi7TtvHi3kRNCe0u7vsUxSps?lnk=https://share-eu1.hsforms.com/176T8k3N9Q562OEEfhS22Fg2ebzvj PDF link annotation
    • http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text

Extracted artifacts 4

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_002_off00002893.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x2893 9884 bytes
SHA-256: bb130886bce256025efbea8283a111b4f8aeb77e42238b195039161b7c2a7614
font_00_sfnt_off00000fae.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xFAE 9136 bytes
SHA-256: 1f841dc9da1c5355ef66d614582126b61c1187be167595cf49a6f15ee836f982
font_02_sfnt_off00004218.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x4218 14116 bytes
SHA-256: b86c111dffc528bf345732086a7fb8bd890fd7b4e70a7bf410c7e456d3cc71b1
font_03_sfnt_off000058c4.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x58C4 16088 bytes
SHA-256: 43f796d449ad582cf81553743a3c5b62128bfbef4bb6aa37c2dbcd2c87cad878