PDF static analysis report

Static analysis result for SHA-256 d80a94d6aa3374ae…

CLEAN

PDF

544.3 KB Created: 2004-02-21 12:15:25 +01:00 Authoring application: matplotlib 0.87.7, http://matplotlib.sf.net (via Mac OS X 10.3.2 Quartz PDFContext) First seen: 2026-05-09
MD5: f732e2cad92489d4c006441d7d223f2f SHA-1: 5bfdf8a64c5be0fa54f3857e2ad82e085b754a55 SHA-256: d80a94d6aa3374aeb9efcef4c14f9b3b88f052e3791d7a5f58d52e33543173ed
24 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0006

Heuristics 3

  • Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gust.org.pl In PDF document text
    • http://www.bitstream.comIn PDF document text
    • http://matplotlib.sf.netIn PDF document text
    • http://scipy.orgPDF link annotation
    • http://www.scipy.org/Tentative_NumPy_TutorialIn PDF document text
    • http://www.maths.lth.se/~olivierIn PDF document text
    • http://en.wikipedia.org/wiki/Companion_matrixIn PDF document text

Extracted artifacts 6

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_087_off00072b30.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x72B30 24597 bytes
SHA-256: 49f846e893731554bb1cb20c236ac3829e771649646a5768b4b22da6e5a36e6b
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.96, consistent with packed or encrypted content.
stream_088_off00078a1e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x78A1E 30904 bytes
SHA-256: 6a94b9f53ac71f3c273e4448b8d571079afbaca6065f02ef2321cbe383127056
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.
font_00_sfnt_off00042128.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x42128 49224 bytes
SHA-256: da4281dc7db17a3dfce64a62ced92875c5895340055ec8ba24a3914eb97b349d
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Static shellcode analysis found candidate code region(s). Indicators: heap spray 0x0C
font_01_type1_off00064e8a.bin pdf-font-stream PDF embedded font (type1) at offset 0x64E8A 19461 bytes
SHA-256: 14f0f02d8ac29f977b4a1268e62d9893bfd825e2f2e3f261078e9b03947325c9
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.93, consistent with packed or encrypted content.
font_02_type1_off000698d6.bin pdf-font-stream PDF embedded font (type1) at offset 0x698D6 17672 bytes
SHA-256: 257abad28c83f16fc5de4d36cf7e48e66e11409567d8110a8efd3bea4bdbb8b3
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.91, consistent with packed or encrypted content.
font_03_type1_off0006dc38.bin pdf-font-stream PDF embedded font (type1) at offset 0x6DC38 20577 bytes
SHA-256: 18a82e96170cd04c912ce4f27b9536d4fe50fa419e5ca9938f217156df0f1c44
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 7.95, consistent with packed or encrypted content.