PDF static analysis report

Static analysis result for SHA-256 01c00665072cd0f4…

Verdict: SUSPICIOUS

File type: PDF

Size: 47.1 KB
Created: 2021-06-03 07:16:01 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-16

MD5: 95835bc4aef74d8c565485306f26977e
SHA-1: 69e3103ca3b7a935f82bf4d788268738e86f691a
SHA-256: 01c00665072cd0f46214920122173db0022ba426f0007f8beb2419916c68feea

Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains embedded URLs and a call-to-action lure related to 'Free Coins' for a game, suggesting a phishing or social engineering attempt to trick users into downloading malicious content. The ML classifier also flagged this PDF as malicious. While no scripts were directly extracted, the presence of external URIs and the document's deceptive content strongly indicate a malicious intent to redirect users to potentially harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9769

Heuristics (3)

  • Visual download / call-to-action button lure (severity: low) SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (severity: info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection. See the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://netcdn.online/app/406889139/free-coins-coin-master-2021-game-hack (PDF link annotation)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: stream_004_off0000531f.bin
  Kind: decompressed-pdf-stream
  Source: PDF FlateDecoded stream at offset 0x531F
  Size: 24712 bytes
  SHA-256: 1b02327fb07d4eee0ca1607718194187033e50f4bfd414b834bf085d00cc4655

Filename: font_01_sfnt_off00008bbf.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x8BBF
  Size: 2896 bytes
  SHA-256: c1a618813a64314343402b2ec738fc11c4c912460a4c7ae3029924d2f9a229cd

Filename: font_02_sfnt_off000095a4.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x95A4
  Size: 18112 bytes
  SHA-256: 0727bd4027d3f5eec951b181c2bc31ee4d98e10eed2c862aff41d240a04f60ea