CLEAN
24
Risk Score
Machine Learning
- Nyx PDF Classifier suspicious score 0.2513
Heuristics 3
-
Cloud document impersonation lure medium SE_CLOUD_DOC_LUREDocument impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://docs.google.com/forms/d/e/1FAIpQLSfKQLw59vfdsYeMFrPB5Ltt4jiH_lB6k9bos1VUVtzeq8h0Sw/viewform PDF link annotation
- http://www.microsoft.com/typography/ctfontshttp://fontfabrik.comYouIn PDF document text
- http://www.microsoft.com/typography/fonts/default.aspxIn PDF document text
- http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0XIn PDF document text
- http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0In PDF document text
- http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0ZIn PDF document text
- http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0In PDF document text
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0TIn PDF document text
- http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0In PDF document text
- http://www.microsoft.com/typography/0In PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_004_off00004aa7.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x4AA7 | 180932 bytes |
SHA-256: d6c1694bfb36cfd6884688839794d1880a18bd2198a84908c30af25ae3a516c5 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.