PDF static analysis report

Static analysis result for SHA-256 0e7e62a2110d92d4…

SUSPICIOUS

PDF

Size: 46.9 KB
Created: 2021-05-12 01:37:48 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 31256375a7d065210a82dc5a036cd5c3
SHA-1: ecbfadad518659eab0dfa86c846f0112a4425518
SHA-256: 0e7e62a2110d92d49386b5b35582d77228ee5bef909b1b426dff6fc2de0fecc0
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains lures for free Robux and game hacks, directing users to external URLs. The ML classifier also flagged this PDF as malicious. While no scripts were explicitly extracted, the presence of embedded URLs and the document's theme suggest a phishing or scam attempt, likely leading to a malicious download or further compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8948

Heuristics 3

  • Visual download / call-to-action button lure [low] [SE_DOWNLOAD_BUTTON]
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://netcdn.xyz/app/431946152/get-free-robux-without-doing-anything-game-hack (PDF link annotation)

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size | SHA-256
font_00_sfnt_off00004d37.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4D37 | 24296 bytes | f40ff0260a4532cf4e20da721e2abba635f15daeb0622f558f1e112b06b0af43
font_01_sfnt_off000084d5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x84D5 | 4044 bytes | 5196410bcdfc72ecb4ad7d922073bb6d34bf55d37084e4ffe688bf66f2d13d53
font_02_sfnt_off000091fe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x91FE | 19240 bytes | a9e3aa10522a438dd9eef37bb3e7f322f16e38379d063b4a50e22a05dda2bc13