PDF static analysis report

Static analysis result for SHA-256 e2b6689986d42921…

CLEAN

PDF

Size: 588.6 KB
Authoring application: Skia/PDF m150 Google Docs Renderer
First seen: 2026-05-28
MD5: 9feb4d0102c514e5d64d9897eb094287
SHA-1: fe9743a82c411ac11cfa262bb74bbac11beecb38
SHA-256: e2b6689986d42921242fe5c5b591b5022469926be4558e444aea5acc05817c73
Risk Score: 24

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics (3)

  • Suspicious extracted artifact (severity: medium, rule: EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://cineprime.site/movvi/donloadnow (channel: PDF link annotation)

Extracted artifacts (11)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_001_off000002c0.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x2C0 815850 bytes
SHA-256: 5db492250a8a8caac799d2f16475a9041e6e2f67b2e1c02af138af96d7f30ea5
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Static shellcode analysis found candidate code region(s). Indicators: heap spray 0x06
stream_024_off0007fb5d.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x7FB5D 47728 bytes
SHA-256: f4af2f85808c5aeb61734e7b925d34fcd5dda1ff3cea768a8ba481e063f227f3
icc_00_off000000e9.icc pdf-icc-profile PDF ICC profile at offset 0xE9 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_00_sfnt_off00070ea1.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x70EA1 33656 bytes
SHA-256: cb36db7909d38dfab2fa567f5461b36d89cb02a9911cbd958eea7b0ae75f6c1f
font_01_sfnt_off00076c95.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x76C95 50664 bytes
SHA-256: 7daa792b85ea50b6993da56c6c559d0e204fe1deeb7809368e51e957068123b8
font_02_sfnt_off00077dbc.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x77DBC 41560 bytes
SHA-256: cb1243ccc82af805f128cd20c7a581d75f1d0e21a6ad3db40a84eea5afdd0dec
font_03_sfnt_off0007ef97.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x7EF97 4852 bytes
SHA-256: 54285207578b581ca3916642cb0cd2f17b5e8c50ef59d20f0de3b5ce0eacf152
font_05_sfnt_off0008706e.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8706E 28700 bytes
SHA-256: 533cd713b38c2ed1ebda23c961bb72eef2cd24e78c8e47de715a4e6a35d8c9d3
font_06_sfnt_off0008bc3e.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8BC3E 182404 bytes
SHA-256: 4211dd6ac98dae76740355191a404e50e4508d8b1845bbc039f223b3e99aabf9
font_07_sfnt_off0008c8e5.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8C8E5 1900 bytes
SHA-256: 31bfc50628b0f40176b5eba14d4e50b2fa8f61b070ff146e10f10c49bcdfd988
font_08_sfnt_off0008d008.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8D008 31120 bytes
SHA-256: 108f11165dd09331cdd45201054bb3c7573e435485a14d34c7ea9ed22747b7e0