Malicious PDF — malware analysis report

Static analysis result for SHA-256 f8c7dc52b29996a1…

MALICIOUS

PDF

Size: 5.69 MB
Created: 2026-04-28 10:17:26 +02:00
Authoring application: Adobe InDesign 21.2 (Macintosh) (via Adobe PDF Library 18.0)
First seen: 2026-06-10
MD5: 285b4ccf0c684895e0c10b501ea8abd2
SHA-1: 5509de7a324bf10a20da77d74bd927f6222033aa
SHA-256: f8c7dc52b29996a17e6a833712e4d2d6155f64ab57b1c1c7a7ca9bd6ea4935e5
Risk Score: 62

Machine Learning

  • Nyx PDF Classifier: malicious score 0.5099

Heuristics 4

  • Unusually high stream count (severity: medium, rule: PDF_MANY_STREAMS)
    PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
  • AcroForm button with action trigger (severity: low, rule: PDF_ACROFORM_BUTTON)
    PDF contains a /Btn form field together with a SubmitForm/URI/Launch/JS trigger — this is the building block of fake 'Download' or 'Open' button overlays used in PDF phishing lures
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 15

Files carved from inside the sample during analysis.
