PDF static analysis report

Static analysis result for SHA-256 f6b796ba52aa6a6f…

CLEAN

PDF

102.9 KB
Created: 2020-06-23 09:55:46 +02:00
Authoring application: Microsoft® Word 2010
First seen: 2020-07-24
MD5: f7f962983ca04d75efc460595fb424ae
SHA-1: 2374bcdaeb8f2d74b7e3dc18d87acc859d761cbd
SHA-256: f6b796ba52aa6a6f948a74e95606633de8e9441e2106ddcb210836efd1ee5144
Risk Score: 24

Machine Learning

  • Nyx PDF Classifier suspicious score 0.2513

Heuristics 3

  • Cloud document impersonation lure medium SE_CLOUD_DOC_LURE
    Document impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • https://docs.google.com/forms/d/e/1FAIpQLSfKQLw59vfdsYeMFrPB5Ltt4jiH_lB6k9bos1VUVtzeq8h0Sw/viewform [PDF link annotation]
    • http://www.microsoft.com/typography/ctfontshttp://fontfabrik.comYou [In PDF document text]
    • http://www.microsoft.com/typography/fonts/default.aspx [In PDF document text]
    • http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X [In PDF document text]
    • http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 [In PDF document text]
    • http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z [In PDF document text]
    • http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0 [In PDF document text]
    • http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T [In PDF document text]
    • http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 [In PDF document text]
    • http://www.microsoft.com/typography/0 [In PDF document text]

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_004_off00004aa7.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x4AA7
Size: 180932 bytes
SHA-256: d6c1694bfb36cfd6884688839794d1880a18bd2198a84908c30af25ae3a516c5