CLEAN
2
Risk Score
Malware Insights
MITRE ATT&CK
T1059 Command and Scripting Interpreter
The file is a PDF document authored by Microsoft Word, containing numerous embedded URLs. While most URLs appear benign, the presence of embedded links within a document structure is a common technique for phishing or directing users to malicious sites. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific lure.
Machine Learning
- Nyx PDF Classifier clean score 0.0002
Heuristics 1
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://docs.microsoft.com/typography/abouthttp://lucasfonts.comMicrosoft In PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
- http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0XIn PDF document text
- http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0In PDF document text
- http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0aIn PDF document text
- http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0In PDF document text
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0TIn PDF document text
- http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0In PDF document text
- http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^In PDF document text
- http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0��In PDF document text
- http://www.microsoft.com/pkiops/docs/primarycps.htm0@In PDF document text
- http://www.microsoft.com/TypographyIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_010_off00008e33.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8E33 | 558508 bytes |
SHA-256: 2c5114ae48004d42ecc0aa46eb5d579accb9f034e2b531c40ca7eccb257bbe01 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.