MALICIOUS
82
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0008
Heuristics 3
-
UNC path in PDF — possible NTLM credential theft (CVE-2018-4993/CVE-2019-7089) high CVE likely CVE_2018_4993PDF contains a UNC path (\\server\share) alongside action triggers — when a vulnerable viewer resolves this path, Windows may send NTLM credentials to the remote host as the matching PDF action is processed
-
Remote GoTo action high PDF_GOTO_REMOTEPDF references an external document via GoToR/GoToE whose target is a URL, UNC path, or executable
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL \\blog1personal.simplesite.com\test In PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- https://docs.microsoft.com/typography/abouthttp://lucasfonts.comMicrosoftIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
- http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0XIn PDF document text
- http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0In PDF document text
- http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0aIn PDF document text
- http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0In PDF document text
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0TIn PDF document text
- http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0In PDF document text
- http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^In PDF document text
- http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0��In PDF document text
- http://www.microsoft.com/pkiops/docs/primarycps.htm0@In PDF document text
- http://www.microsoft.com/TypographyIn PDF document text
- https://www.verisign.com/repository/CPS��In PDF document text
- https://www.verisign.comIn PDF document text
- https://www.verisign.com/repository/verisignlogo.gif0��In PDF document text
- https://www.verisign.com/CPS0bIn PDF document text
- http://www.microsoft.com/typographyIn PDF document text
- http://www.monotype.com/html/mtname/ms_symbol.htmlhttp://www.monotype.com/html/mtname/ms_welcome.htmlMicrosoftIn PDF document text
- http://www.monotype.com/html/type/license.htmlIn PDF document text
- http://www.microsoft.com/Typography/0In PDF document text
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007341.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7341 | 652012 bytes |
SHA-256: ab9ccae78782587fda4c39bc2200ce4c779c178b62fc21b8f5d14059379717aa |
|||
font_01_sfnt_off0003c28f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3C28F | 40712 bytes |
SHA-256: 1a0c74f9a490c8d2ef2720ad5253bf3d4ce238381186b5f007815b48040772ae |
|||
font_02_sfnt_off000416a3.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x416A3 | 25228 bytes |
SHA-256: b1c2362109b3c1555dd5946549cada931b8066060cb7036e6b0b500de41c44e8 |
|||
font_03_sfnt_off00044c4b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x44C4B | 35224 bytes |
SHA-256: 9e129e3d0d5bd76da328f2aff513fb95b1b9ac230fcf4238f86c6f2ce08dee10 |
|||
font_04_sfnt_off00048bd9.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x48BD9 | 361788 bytes |
SHA-256: 726383f247ea716cfb9c65967676683cd913a87a59ec92cbb34d60040c1d3822 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.