PDF static analysis report

Static analysis result for SHA-256 f4f4c7604a3c73c3…

CLEAN

PDF

3.39 MB Created: 2014-04-09 05:04:58 Authoring application: Microsoft® Office Word 2007 First seen: 2020-09-24
MD5: ced8fc8341d766bb5da45e61fbd6c2ce SHA-1: f4528fb5da5e02559a71f45acc068432bd39d226 SHA-256: f4f4c7604a3c73c3dcd128d8952dc4bb28128efa2fd9c223aa784c555c58aeb2
24 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0028

Heuristics 3

  • Unusually high stream count medium PDF_MANY_STREAMS
    PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.aesa.kz/ PDF link annotation
    • http://www.pandia.ru/text/77/295/81728.phpIn PDF document text
    • http://iformatsiya.ru/tabl/900-investicii-v-osnovnoy-kapital-gross-fixed-stran-mira-2011.htmlIn PDF document text
    • http://gtmarket.ru/ratings/research-and-development-expenditure/infoIn PDF document text
    • http://gtmarket.ru/ratings/education-index/education-index-infoIn PDF document text
    • http://www.uddi.org/In PDF document text
    • http://www.matizclub.ru/In PDF document text
    • http://intservis.ru/menu/index.php?id=39In PDF document text
    • http://teacode.com/concept/eor/class2.htmlIn PDF document text
    • http://tdocs.su/9539In PDF document text
    • http://tdocs.su/9359In PDF document text
    • http://tdocs.su/9361In PDF document text
    • http://tdocs.su/9338In PDF document text
    • http://tdocs.su/9486In PDF document text
    • http://tdocs.su/9439In PDF document text
    • http://tdocs.su/9494In PDF document text
    • http://tdocs.su/9538In PDF document text
    • http://tdocs.su/9379In PDF document text
    • http://tdocs.su/9380In PDF document text
    • http://tdocs.su/9515In PDF document text
    • http://tdocs.su/9411In PDF document text
    • http://tdocs.su/9509In PDF document text
    • http://tdocs.su/9519In PDF document text
    • http://tdocs.su/9525In PDF document text
    • http://tdocs.su/9343In PDF document text
    • http://www.pedlib.ru/Books/1/0208/index.shml#book_page_innerIn PDF document text
    • http://teacode.com/online/udc/51/519.67.htmlIn PDF document text
    • http://massaget.kz/In PDF document text
    • http://www.kazakzaman.kz/In PDF document text
    • http://ito.bitpro.ru/1999/%20II/5/5119.htmlIn PDF document text
    • http://ruxpert.ruIn PDF document text
    • http://iformatsiya.ru/tabl/900-investicii-v-osnovnoy-kapital-gross-fixed-stran-mira-In PDF document text
    • http://gtmarket.ru/ratings/research-and-development-In PDF document text
    • http://www.matizclub.ruIn PDF document text
    • http://grebennikon.ru/author-3152lIn PDF document text
    • http://www.aesa.kzPDF link annotation
    • http://massaget.kzIn PDF document text
    • http://www.kazakzaman.kzIn PDF document text
    • http://kursi.net.ua/catalog?cat=10&region=4In PDF document text
    • http://www.wirtschaftundschule.de/aktuelle-themen/arbeitsmarkt-berufsorientierung/der-arbeitsmarkt-fuer-jugendliche/jugendarbeitslosigkeit-in-europa-und-warum-deutschland-besser-dastehtIn PDF document text
    • http://study.aesa.kz/In PDF document text
    • http://www.stimm.ru/about/obrazovaie-za-rubezhom-lIn PDF document text
    • http://iformatsiya.ru/2012/04/03/In PDF document text
    • http://concord.websib.ru/In PDF document text
    • http://www.mikosoft.kz/codex.htmlIn PDF document text
    • http://www.monotype.comMonotypeIn PDF document text
    • http://en.wikipedia.org/wiki/List_of_social_networking_websitIn PDF document text
    • http://data.worldbank.org/indicator/NY.GDP.PETR.RT.ZSIn PDF document text
    • http://data.worldbank.org/indicator/NY.GDP.NGAS.RT.ZSIn PDF document text
    • http://www.transparency.org/cpi2013/resultsIn PDF document text
    +33 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_192_off002c4ab3.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x2C4AB3 111116 bytes
SHA-256: e021cef128ab5aac8565bee147854a6ec8ac12d24145dc4a16dfbd90aafb306b
stream_195_off002dfcf2.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x2DFCF2 24580 bytes
SHA-256: 54b9a5c2cd44b7d5ffb23b361e0512e9ce7d2e9b0d5c5fd8ff20677cfe05a0cd