PDF static analysis report

Static analysis result for SHA-256 09b70141f55c98ea…

SUSPICIOUS

PDF

Size: 23.1 KB
Created: 2021-05-19 16:14:28 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 61786ce56e582e84b1d566639a47a595
SHA-1: d3ef708f6557ea5bcf30672a655ff2e5059bf089
SHA-256: 09b70141f55c98ea461a14b12c323648795f8519ab4d4d98d35f7c890bfadd14
Risk score: 34

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF document contains numerous embedded links directing users to websites offering game hacks and cheats, such as for TikTok and Roblox. The ML classifier strongly flagged this PDF as malicious, indicating a high likelihood of it being used for phishing or malware distribution. The primary attack pattern involves social engineering users into visiting potentially harmful external sites.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9994

Heuristics (2)

  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_003_off0000452c.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x452C
Size: 8235 bytes
SHA-256: b8a7e1a132ecaba18c9baa4297316d97ef4bf65e2259af4775775cb3a7792d5d