PDF static analysis report

Static analysis result for SHA-256 c765c2cbd22a387d…

CLEAN

PDF

5.37 MB First seen: 2026-05-08
MD5: 279977ab45e952b4da4edbfe5fa3ac1e SHA-1: 48b292998d5b1ca1e8026913917ee78770526e04 SHA-256: c765c2cbd22a387df31bf782a1a48c469a4d0e36cc0d3a9c64cd246abd8d53d1
24 Risk Score

Machine Learning

  • Nyx PDF Classifier suspicious score 0.2983

Heuristics 3

  • Unusually high stream count medium PDF_MANY_STREAMS
    PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gust.org.pl In PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/pdfx/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_001_off00003c79.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x3C79 26649 bytes
SHA-256: 7be5ef7814a9208c3161a13d55186d2c3b461503338708ff0f1e906513c10296
stream_005_off0001a5d5.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x1A5D5 30505 bytes
SHA-256: 362d77e4dfa0240be088deeef0bfbc3d82db937faa147bbc6d0f820c1ed07291
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.
stream_006_off0002194e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x2194E 36383 bytes
SHA-256: 9f87a6b6ac5ccfea52fe8827ceba97571180d30b5ce6c8c200bfc7a0cc99374c
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.96, consistent with packed or encrypted content.