CLEAN
Risk Score: 24
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
The PDF is encrypted and contains only images, with no discernible text content. This indicates a likely attempt to obscure malicious content or to use images as a lure. The 'PDF_IMAGE_ONLY_LURE' heuristic firing supports this, suggesting the document is designed to mislead the user. Without readable text or scripts, the exact malicious intent cannot be determined, but the overall pattern points to a phishing or social engineering attempt.
Machine Learning
- Nyx PDF Classifier clean score 0.0008
Heuristics 3
- Suspicious extracted artifact (medium) EXTRACTED_FILE_STATIC_TRIAGE: One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Encrypted PDF (string and stream contents are opaque to static scan) (info) PDF_ENCRYPTED: PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
- Embedded URL (info) EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 8
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_035_off0005aa10.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5AA10 | 1214208 bytes | bfe6f0327bb9b68c428cfb627696524f1b661942bdb46fc43f5aa9e75b1cb3e3 |
| stream_071_off00102829.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x102829 | 1308000 bytes | 7ae274f152599c30837d0b51d2c1b4ea1abea76939d431a4949e3e940e6232ba |
| stream_073_off001bfb64.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1BFB64 | 226828 bytes | 77443d186fc9b091a90b18d7a353ba235970cf7e32b8cd04e621eded5ba255a3 |
| stream_076_off00211a72.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x211A72 | 189012 bytes | 6f1a28ea088aa36864d88d73f956f9d3959ce5b0e1a5d536afe62a7680b8ee57 |
| font_00_sfnt_off001da59f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1DA59F | 248544 bytes | b53b3d32763b4c1732e4121021525b1fb6b212329ba3098dcebb5fe21e8049e5 |
| font_02_sfnt_off002277f3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2277F3 | 195248 bytes | be7c5e56ffc74445d19563693e22ecbbdd67970e49be7d16bf0f0fbf15fb704c |
| font_03_sfnt_off002524d0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2524D0 | 56804 bytes | 15edbd3d172a16892dd83b7e90da0fd4fe04b430044012f42794d2fcdfd59297 |
| font_04_sfnt_off0025b92b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x25B92B | 24332 bytes | ca6c494bb5ef9be7361cfad38425c9e5ec46bc51a29f0a9ed3e0b4866540a7f4 |

Detection (stream_035_off0005aa10.bin)
- ClamAV: No threats found
- Obfuscation or payload: likely
- Static shellcode analysis found candidate code region(s). Indicators: heap spray 0x06