MALICIOUS
Risk Score: 72
Machine Learning
- Nyx PDF Classifier clean score 0.0171
Heuristics 3
- Embedded file (low, PDF_EMBEDDED): PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 | Detection |
|---|---|---|---|---|---|
| EICAR.txt | pdf-embedded-file | PDF EmbeddedFile object 17 at offset 0x528C | 68 bytes | 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f | ClamAV: Eicar-Test-Signature; Obfuscation or payload: unlikely |
| font_00_sfnt_off00009eb8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9EB8 | 24308 bytes | ce611066d2653183c8904da9522174189eac305b4462fb881191560688b1661a | |
| font_01_sfnt_off0000d859.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD859 | 12640 bytes | 7fa220c30363cd4f8618c7c0e6fef7520cd4a1d08ceae53ebe1d49db9f10c341 | |
| font_02_sfnt_off0000f65c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF65C | 3340 bytes | 4e3a4774baa10bedbef1130190f56a5ca29f0e1168fb3b7d13ce36b53ea1b9dd | |