PDF static analysis report

Static analysis result for SHA-256 c47a2e761bd82ed8…

CLEAN

PDF

Size: 518.7 KB
Created: 2021-03-29 01:58:13 UTC
Authoring application: LaTeX with hyperref (via pdfTeX-1.40.21)
First seen: 2026-05-13
MD5: 3da6fc38f72ce9f6596fce1c967d0460
SHA-1: 7a4ef43e8deb10b958b922c403cf7bd4d73ddaba
SHA-256: c47a2e761bd82ed897165081ba24b752d87ca640c51a133cbb27981d0ee63902
Risk Score: 8

Machine Learning

  • Nyx PDF Classifier clean score 0.0287

Heuristics 4

  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 5

Files carved from inside the sample during analysis.

Filename Kind Source Size
stream_006_off0005ce3e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x5CE3E 13505 bytes
SHA-256: 1d5ed6484e735f0edd08845fa064948be8cf8651767ceb2c9855a72927c56959
stream_008_off0005f593.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x5F593 10899 bytes
SHA-256: a48cc78ca30910d4ba6fa0b3d29d385ba59ac584017d0d2e4aa0e11693bb118e
stream_010_off000611ac.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x611AC 31543 bytes
SHA-256: 41b1dc7f32695599357984a058ccc8e2bd190b46f89b25d007fd3b7ed74291af
stream_012_off0006340e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x6340E 13906 bytes
SHA-256: 22dcff5aeb5653e4dca9947574605b284fe78a7b948c508fee33bcb5c11f9b79
stream_018_off0007355c.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x7355C 10781 bytes
SHA-256: 247ec8fb45629e0fd42141fccdd6a5cac7d62e01b7fb0df3958d2494bb11a45d

Detection

ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 2 long base64-like blob(s).