PDF static analysis report

Static analysis result for SHA-256 267a819e2760ee9f…

SUSPICIOUS

PDF

40.2 KB Created: 2021-05-01 05:29:53 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-16
MD5: 6db36401109349d1d6b5d72d6a41aedf SHA-1: 7ba41e5d320e26516f8b19406ad22040efc4f1d9 SHA-256: 267a819e2760ee9f3046cf05de0d825142472215e2247be500820b49d4ef2b83
50 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1203 Exploitation for Client Execution

The ML classifier strongly flagged this PDF as malicious. The document body and embedded URLs suggest a lure for downloading an exploit or cheat tool, likely leading to malware execution. The presence of urgency and download-related phrases further supports this malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9941

Heuristics 4

  • Urgency / deadline lure low SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://netcdn.xyz/app/431946152/free-roblox-bee-swarm-simulator-exploit-game-hack PDF link annotation
    • https://lib-stie.yai.ac.id/repository/cheat-engine-2021-roblox.pdfIn PDF document text
    • https://lib-stie.yai.ac.id/repository/robux-hack-no-human-verification-or-survey-2021.pdfIn PDF document text
    • https://lib-stie.yai.ac.id/repository/get-unlimted-robux-for-free.pdfIn PDF document text
    • https://lib-stie.yai.ac.id/repository/slurp-hack-roblox-download-17.pdfIn PDF document text
    • https://lib-stie.yai.ac.id/repository/free-robux-diy.pdfIn PDF document text
    • https://lib-stie.yai.ac.id/repository/how-to-hack-someones-roblox-account-2021.pdfIn PDF document text
    • https://lib-stie.yai.ac.id/repository/roblox-without-logging-in-free.pdfIn PDF document text
    • https://lib-stie.yai.ac.id/repository/can-a-roblox-gift-card-give-free-robux.pdfIn PDF document text
    • https://lib-stie.yai.ac.id/repository/how-to-get-500-billion-robux-hack-2021.pdfIn PDF document text
    • https://lib-stie.yai.ac.id/repository/roblox-cbr-free-weekend-glitch.pdfIn PDF document text
    • http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off000040dd.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x40DD 24348 bytes
SHA-256: d8b7092a28653a898d9d684adc550921ea3294951ae936fb87a21afd199e18cc
font_01_sfnt_off000078ce.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x78CE 19140 bytes
SHA-256: f106b1e5d05d13601329c934d964733a0cd1072799055ed5bfa3019aca76d1ee