PDF static analysis report

Static analysis result for SHA-256 e357c97145ff12ec…

CLEAN

PDF

2.26 MB Created: 2019-01-07 19:26:33 -02:00 Authoring application: Microsoft® Word 2013 First seen: 2026-05-07
MD5: 15244a5cea11d3d5e4fff18a9331ece8 SHA-1: b760ce9094af2ae7f77394c1f2297e5ce729300a SHA-256: e357c97145ff12ec03078ea801326b49aa7485441e357e56fdc2158aa5d5e8c3
6 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious Link T1566.002 Spearphishing Attachment

The sample is a PDF document that contains embedded URLs and is related to CVE-2023-26369. The heuristic firings indicate that the PDF is designed to exploit a vulnerability, likely to redirect the user to malicious websites. The large number of extracted URLs, many of which are unknown or have a suspicious reputation, further supports this. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier clean score 0.0014

Heuristics 3

  • TrueType bitmap font + active content — CVE-2023-26369 related info CVE related PDF_CVE_2023_26369_RELATED
    PDF embeds a TrueType font with bitmap tables (EBDT/sbix/CBDT) alongside exploit delivery indicators — CVE-2023-26369 exploits the sfac_GetSbitBitmap function in Adobe's libCoolType for arbitrary code execution. This CVE was actively exploited in the wild, but this rule does not validate the malformed EBLC/EBDT primitive.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.emater.df.gov.br/ PDF link annotation
    • http://www.agricultura.gov.br/assuntos/sustentabilidade/organicos/produtos-fitossanitarios/produtos-fitossanitariosIn PDF document text
    • http://ibd.com.br/pt/Default.aspxIn PDF document text
    • http://sindiorganico.com.br/opac/In PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=143259&p_nm_file=F964561778/.Cot%E9sia%20Bug_Bula%20Agrofit.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=164124&p_nm_file=F1412396331/.Galloibug%20Bula_Agrofit_12%202017.pdfIn PDF document text
    • http://koppert.com.br/In PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=166318&p_nm_file=F158557794/Hopper%20v2%2012.01.2018.pdfIn PDF document text
    • http://koppert.com.br/compatibilidade/In PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=166278&p_nm_file=F1038531612/Hunter%20v2%2012.01.2018.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=193389&p_nm_file=F723343026/BULA%20Insidomip.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=152455&p_nm_file=F1145046733/Macromip%20Max%20BULA.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=152439&p_nm_file=F1805234076/Neomip%20Max%20BULA.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=143202&p_nm_file=F1993538461/.Pretiobug_Bula%20Agrofit.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=166268&p_nm_file=F424209522/Reacher%2012.01.2018.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=166322&p_nm_file=F837180004/Spical%20v2%2012.01.2018.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=152460&p_nm_file=F1686061954/Stratiomip%20BULA.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=177589&p_nm_file=F686228177/Bula%20TRICHOMIP-G.pdfIn PDF document text
    • http://www.nufarm.com/BR/FaleConoscoIn PDF document text
    • http://vittia.com.br/contato/In PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=181809&p_nm_file=F945564326/Bula%20Agrothio%20800%20-%20Alt.%20Raz%E3o%20Social%20Reg.%20e%20Formulador.pdfIn PDF document text
    • http://arysta.com.br/In PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=148230&p_nm_file=F73183377/Biobac%20-%20Bula%2007.07.17%20rev00.pdfIn PDF document text
    • https://www.albaughbrasil.com.br/#contatoIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=158536&p_nm_file=F39944805/Cobre-Atar-BR_BL_2017-11-13.pdfIn PDF document text
    • http://www.fersol.com.br/In PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=171044&p_nm_file=F598452260/Cobre%20Fersol_%20Bula_Agrofit_20-02-2018%20.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=158635&p_nm_file=F1752095428/Cup-001_BL_2017-11-13.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=165728&p_nm_file=F609989290/CUPROGARB%20500%2009-01-2018.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=151639&p_nm_file=F950148143/BULA%20MAPA_ANVISA_IBAMA_DEFEND%20WDG_Quimetal.pdfIn PDF document text
    • http://www.adapar.pr.gov.br/arquivos/File/defis/DFI/Bulas/Fungicidas/difere050218.pdfIn PDF document text
    • http://agrivalle.com.br/contatoIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=178125&p_nm_file=F2105361118/Bula%20Ecotrich%20vers%E3o%2027_03_18.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=165744&p_nm_file=F709386809/ELLECT%2009-01-2018.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=153118&p_nm_file=F838559912/Bula%20FUNGURAN%20AZUL%20V.%2001.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=165733&p_nm_file=F44268363/GARRA%20450%20WP%2009-01-2018.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=185309&p_nm_file=F354007010/Kaligreen%20-%20Bula%2029.03.18%20ver.02.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=157084&p_nm_file=F1235266910/Bula%20Kocide%20IN16_v02.pdfIn PDF document text
    • https://www.agro.bayer.com.br/In PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=178786&p_nm_file=F803718180/KUMULUS_DF_bula_rev01_02.04.2018.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=218512&p_nm_file=F195745313/Bula%20%20NATIVE%20-%2021_11_18%20-%20AGRIVALLE.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=177665&p_nm_file=F858965330/F214516908_MODELO_BULA_ORGANIC%20-%20vers%E3o%202017.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=176784&p_nm_file=F205769836/QUALITY%20AGROFIT.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=157336&p_nm_file=F124631222/Ramexane%20850%20WP_BULA_Agrofit_Nov%202017.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=158620&p_nm_file=F48235636/Reconil_BL_2017-11-13.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=158615&p_nm_file=F442743484/Recop_BL_2017-11-13.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=171704&p_nm_file=F192040516/V03.%202018_Bula%20-%20Alt.%20Raz%E3o%20Social%20Nordox.pdfIn PDF document text
    • https://www.fmcagricola.com.br/index.aspxIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=153648&p_nm_file=F1102344610/Bula%20Regalia%20Maxx_%2006_10_2017.pdfIn PDF document text
    • http://agrofit.agricultura.gov.br/agrofit_cons/agrofit.ap_download_blob_agrofit?p_id_file=153755&p_nm_file=F958132856/Serenade_Bula.pdfIn PDF document text
    +413 more URL(s)

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_191_off0016a52b.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x16A52B 406100 bytes
SHA-256: 708a431a87b2087f2d749f398a7d895acb2a47a736da60d033a5c92368676d63