MALICIOUS
Risk Score: 132
Machine Learning
- Nyx PDF Classifier clean score 0.1865
Heuristics 4
- ClamAV: Eicar-Test-Signature (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Eicar-Test-Signature
- Embedded file (low, PDF_EMBEDDED): PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
- Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| EICAR.COM | pdf-embedded-file | PDF EmbeddedFile object 8 at offset 0x166 | 68 bytes |
| font_00_type1_off0000084b.bin | pdf-font-stream | PDF embedded font (type1) at offset 0x84B | 13663 bytes |

EICAR.COM
- SHA-256: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
- Detection, ClamAV: Eicar-Test-Signature
- Obfuscation or payload: unlikely

font_00_type1_off0000084b.bin
- SHA-256: 7b3f746723a24d2bb3dd119e7c42a0319e46302f92feb34db30b752891bef56b
- Detection, ClamAV: No threats found
- Obfuscation or payload: likely. Carved artifact entropy is 7.91, consistent with packed or encrypted content.