CLEAN
Risk Score: 6
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1204.002 Malicious File
The PDF file contains embedded JavaScript and is related to CVE-2023-26369, indicating an attempt to exploit a known vulnerability. The embedded JavaScript stream is a primary indicator of malicious activity, likely to download and execute a secondary payload. While several URLs were extracted, most are confirmed benign, with one unknown.
Machine Learning
- Nyx PDF Classifier clean score 0.0009
Heuristics 3
- TrueType bitmap font + active content — CVE-2023-26369 related (info, PDF_CVE_2023_26369_RELATED): PDF embeds a TrueType font with bitmap tables (EBDT/sbix/CBDT) alongside exploit delivery indicators — CVE-2023-26369 exploits the sfac_GetSbitBitmap function in Adobe's libCoolType for arbitrary code execution. This CVE was actively exploited in the wild, but this rule does not validate the malformed EBLC/EBDT primitive.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_071_off000de30e.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xDE30E | 626500 bytes | 5f0e35de366cf663a717678f417b5e6a7e65e8d075475b100b0ac31c7d68e85b |
| stream_082_off0018544d.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x18544D | 599140 bytes | 74206535d9ed4cc483da0fe8a50e631cb2879872f2ad3a7e0fe021da031e977d |