CLEAN
8
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0017
Heuristics 4
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.altera.com)/S/URI In PDF document text
- http://www.altera.com/literature/hb/stx2gx/stxiigx_sii52002.pdfPDF link annotation
- http://www.altera.com/literature/ug/ug_slite2.pdfIn PDF document text
- http://www.altera.com/literature/hb/stx2gx/stxiigx_sii52002.pdf)/S/URIIn PDF document text
- http://www.altera.com/literature/ug/ug_slite2.pdf)/S/URIIn PDF document text
- http://www.altera.com/support)/S/URIIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdfx/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://www.iec.chIn PDF document text
Extracted artifacts 11
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_020_off00072e0a.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x72E0A | 1858560 bytes |
SHA-256: a77a0d96fd9ff608a30c981918b565ccd44158f0b940e8573a7ba0de2b8d56a0 |
|||
icc_00_off00003a72.icc |
pdf-icc-profile | PDF ICC profile at offset 0x3A72 | 3144 bytes |
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e |
|||
font_00_cff_off00002cd1.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x2CD1 | 314 bytes |
SHA-256: bc0026667970b9e6843250840e0950409483aa904cb9444abe44c3ed7fed7178 |
|||
font_01_cff_off000044ef.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x44EF | 4686 bytes |
SHA-256: 2ae731d47aff698afe05095ba087053a645baafaefbf65b2f2e5a715da5b9203 |
|||
font_02_cff_off00005556.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x5556 | 3646 bytes |
SHA-256: b74a6515aab0de88b596de3c57f19f9a47c6a95595b7b520a67415ccce2da733 |
|||
font_03_cff_off000061b2.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x61B2 | 4812 bytes |
SHA-256: 39e93f47d563f8bb267bcaa0123e0574a81fc1d8dab6906754c1f02c9788a279 |
|||
font_04_cff_off000071c3.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x71C3 | 10520 bytes |
SHA-256: 71ec30436024995b73fcab4c53068bd7e15e93520f16b5417e0cd6962cdff90a |
|||
font_05_cff_off001264f3.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x1264F3 | 1327 bytes |
SHA-256: 312d938216a57afc9487a22dca98fc20b1c328b27a44b5f57a10854627e0592a |
|||
font_06_cff_off0012706d.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x12706D | 2812 bytes |
SHA-256: aa2f664bb15ffd5314037c6c34571cfc726e8e6ddfa903f6b6ae5187a115d4d3 |
|||
font_07_cff_off00127e93.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x127E93 | 5821 bytes |
SHA-256: 676c08a6d142b125f672d1829bde7c2469a1808765ed825c388e0bf432647dea |
|||
font_08_cff_off00128f0f.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x128F0F | 5679 bytes |
SHA-256: ef840ad852a6c31f17995de04b535f836bdad79b1dc97b96717e63b212448ad0 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.40, consistent with packed or encrypted content.
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.