CLEAN
24
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0005
Heuristics 3
-
Unusually high stream count medium PDF_MANY_STREAMSPDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.codemantra.com In PDF document text
- http://www.fontfont.deScalaSansLF-ItalicIn PDF document text
- http://www.fontfont.deScalaSans-BoldItalicIn PDF document text
- http://www.fontfont.deCapsScalaSans-CapsIn PDF document text
- http://www.fontfont.deScalaSans-BoldIn PDF document text
- http://www.fontfont.deScalaSans-RegularIn PDF document text
- http://www.fontfont.deScalaSans-ItalicIn PDF document text
- http://www.fontfont.deScalaSansLF-RegularIn PDF document text
- http://www.fontfont.deCapsScalaSansLF-CapsIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://ns.adobe.com/iX/1.0/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/pdfx/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
Extracted artifacts 23
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_cff_off0001d5d9.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x1D5D9 | 1385 bytes |
SHA-256: bfd6c5923f482e82022b96cebbcdf32ba9761513268bafe22cf09cd05a6daac0 |
|||
font_01_cff_off00021740.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x21740 | 2062 bytes |
SHA-256: d8b6495602ca1feeecc0d50bf0d9b03d7c75e5f0ecaaf1595a104d115d3b384e |
|||
font_02_cff_off00119da1.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x119DA1 | 567 bytes |
SHA-256: 455660ab010ca7656e5d1ae3d6aa7743c36ca2ca77ec8a4fa0c06a80dae8e9b9 |
|||
font_03_cff_off00200353.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x200353 | 1365 bytes |
SHA-256: bc2e2ae5a933e9d9b6611bc0cce9b41283ac0e6d9000d39d12c7b870fc7c9b3e |
|||
font_04_cff_off00203e11.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x203E11 | 3780 bytes |
SHA-256: b5c309d10df4dcc73914b043ab61d0cce3d8e863ccdf7d09d20305f8e7320cfb |
|||
font_05_cff_off00204cac.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x204CAC | 3964 bytes |
SHA-256: 67dc58556a1170a3318a686c7a16eca30cb46b85c311167b86f1b3723149a812 |
|||
font_06_cff_off00205922.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x205922 | 4937 bytes |
SHA-256: efd3b3ea16c0901fb242c5a0901ba3b735e1d6cf700e968973e19abe293a79f4 |
|||
font_07_cff_off0020710f.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x20710F | 13125 bytes |
SHA-256: e88e03b7d526bcf6a2fd784d2c95236282bf3e91c980c768f35200261c911f01 |
|||
font_08_cff_off00209950.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x209950 | 1327 bytes |
SHA-256: 671744f34f96c644d50bd28c9e952a8b4d469cb18a61047df6f2e7c6f68ad48a |
|||
font_09_cff_off00209ea2.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x209EA2 | 4681 bytes |
SHA-256: c976d42b3cadea41291c2e5eb086b9b30bfe174ea9a72a0f34d194015e3b4771 |
|||
font_10_cff_off0020b2a9.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x20B2A9 | 580 bytes |
SHA-256: d3080c2f5629ec6c790f2d5eb4cbbc08fc8ba94671fa023c5d0eeb7114e08ac6 |
|||
font_11_cff_off0020b97b.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x20B97B | 10823 bytes |
SHA-256: dbbfd312968cb4134c93c8940aaee1e173fe117dffc05ccfce496a86ad04ca92 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.41, consistent with packed or encrypted content.
|
|||
font_12_cff_off0020de41.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x20DE41 | 5756 bytes |
SHA-256: 74cc2451de8d9582b956c7837463f6c8986216037ece4f2c454d10e6bde2773e |
|||
font_13_cff_off0020f2f6.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x20F2F6 | 6752 bytes |
SHA-256: 5b73c14705a6c432c580185ce71d27b1427ab92af4d0c1d7babcbfa64dd98a56 |
|||
font_14_cff_off0021091c.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x21091C | 3959 bytes |
SHA-256: bd41b89857bb2deacd04ec23af0c7eca18c1730443f38910a090921e5a4c6602 |
|||
font_15_cff_off00211a70.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x211A70 | 4934 bytes |
SHA-256: e454a19e4973770431afa00713d72d8190dd9341237a5825cd7db90933437d8b |
|||
font_16_cff_off0021317b.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x21317B | 6549 bytes |
SHA-256: 1cac0a5e7a47c8b29017f3dd46b06b34460b2416df4a6e7603a4813e8290fa6d |
|||
font_17_cff_off0021489c.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x21489C | 5709 bytes |
SHA-256: 765f9b04c1ffe9d4f824db31450e525b5a9b1aa39ef300d561dd4d8a385b04ea |
|||
font_18_cff_off0021624f.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x21624F | 1213 bytes |
SHA-256: b0a6a97f0a6e6c02b0fbe2428c29ea194dd851f6532d43e21917cb01e8ee282b |
|||
font_19_cff_off00216744.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x216744 | 1897 bytes |
SHA-256: aa43e466049b993705da8cdca06c0fd1b3ef503cce7c60e632fc22a26af579d2 |
|||
font_20_cff_off0021714d.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x21714D | 2976 bytes |
SHA-256: 7915b3db54866ac0caf7ce5214fe0dea24ccb7f54784e04ad1d9528a8c8a8691 |
|||
font_21_cff_off00217ded.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x217DED | 5397 bytes |
SHA-256: 74847160e86e0057d2f1550be1a66a337f978e526433ffb1256a55bc65d03244 |
|||
font_22_cff_off0021912f.bin |
pdf-font-stream | PDF embedded font (cff) at offset 0x21912F | 1201 bytes |
SHA-256: c51ae0dd6a563386a803b4efec0b54e008e1db62e0f4c7b562d0b52b7f7b09aa |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.