PDF static analysis report

Static analysis result for SHA-256 d9d1be82561f98a7…

CLEAN

PDF

46.1 KB Created: 2015-06-26 08:38:49 +07:00 Authoring application: DOMPDF First seen: 2015-06-30
MD5: f3afde7c307c09bbe81f6f962245da1a SHA-1: 516c6449781df3450e7a548e97a421e64111a62e SHA-256: d9d1be82561f98a7629e88c0ea71cd7bc14a1ff9aa21b208544bc8a547d1a919
24 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0021

Heuristics 3

  • Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URI
    PDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://ads.ad-center.com/offer?prod=141&ref=5033218&q=Getting PDF link annotation
    • http://goo.gl/forms/0iRbxhX0sLIn PDF document text
    • http://www.copyright.gov/legislation/dmca.pdfIn PDF document text

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_006_off0000827a.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x827A 40200 bytes
SHA-256: 62a32fbe0aab70c183ff97ba9d2cdcb7aeacd669ff27486ae68f5795eb9ddd90