CLEAN
22
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
-
Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URIPDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://tinyurl.com/5ee64pt2 In PDF document text
🗂 Part of campaign:
awsmovie.com
13 samples
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_015_off0001e6be.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1E6BE | 104920 bytes |
SHA-256: 75c1ce47c462f019e3e71661caea1e71064d73df97dfeee032f0d041491dc857 |
|||
icc_00_off000000cd.icc |
pdf-icc-profile | PDF ICC profile at offset 0xCD | 536 bytes |
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d |
|||
font_00_sfnt_off000194c9.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x194C9 | 28488 bytes |
SHA-256: 22eb5679c3555afdf66514855030df97c66703c472b63ec554e07fe1c69d1916 |
|||
font_01_sfnt_off0001d240.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1D240 | 49744 bytes |
SHA-256: b9a573c967cd26a043a049d2ca0822e193ef121c60fdbfe8cabb00ebea63971f |
|||
font_03_sfnt_off00027606.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x27606 | 12396 bytes |
SHA-256: 82d05006aa91a0c39e415004897ee1fd2f892f549793954f6b5261182c96e8d6 |
|||
font_04_sfnt_off00029386.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x29386 | 182388 bytes |
SHA-256: e04311bd1333413d0b4d4d7e974a6c79cd2d35c0c769b057a005106956f0fa6e |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.