CLEAN
24
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0006
Heuristics 3
-
Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.gust.org.pl In PDF document text
- http://www.bitstream.comIn PDF document text
- http://matplotlib.sf.netIn PDF document text
- http://scipy.orgPDF link annotation
- http://www.scipy.org/Tentative_NumPy_TutorialIn PDF document text
- http://www.maths.lth.se/~olivierIn PDF document text
- http://en.wikipedia.org/wiki/Companion_matrixIn PDF document text
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_087_off00072b30.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x72B30 | 24597 bytes |
SHA-256: 49f846e893731554bb1cb20c236ac3829e771649646a5768b4b22da6e5a36e6b |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.96, consistent with packed or encrypted content.
|
|||
stream_088_off00078a1e.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x78A1E | 30904 bytes |
SHA-256: 6a94b9f53ac71f3c273e4448b8d571079afbaca6065f02ef2321cbe383127056 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.
|
|||
font_00_sfnt_off00042128.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x42128 | 49224 bytes |
SHA-256: da4281dc7db17a3dfce64a62ced92875c5895340055ec8ba24a3914eb97b349d |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Static shellcode analysis found candidate code region(s). Indicators: heap spray 0x0C
|
|||
font_01_type1_off00064e8a.bin |
pdf-font-stream | PDF embedded font (type1) at offset 0x64E8A | 19461 bytes |
SHA-256: 14f0f02d8ac29f977b4a1268e62d9893bfd825e2f2e3f261078e9b03947325c9 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.93, consistent with packed or encrypted content.
|
|||
font_02_type1_off000698d6.bin |
pdf-font-stream | PDF embedded font (type1) at offset 0x698D6 | 17672 bytes |
SHA-256: 257abad28c83f16fc5de4d36cf7e48e66e11409567d8110a8efd3bea4bdbb8b3 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.91, consistent with packed or encrypted content.
|
|||
font_03_type1_off0006dc38.bin |
pdf-font-stream | PDF embedded font (type1) at offset 0x6DC38 | 20577 bytes |
SHA-256: 18a82e96170cd04c912ce4f27b9536d4fe50fa419e5ca9938f217156df0f1c44 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.