PDF static analysis report

Static analysis result for SHA-256 26950e41c1e8cbac…

SUSPICIOUS

PDF

Size: 34.9 KB
Created: 2021-07-02 01:36:57 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-17
MD5: 14c2fba908891e54cdd03abcfb20d473
SHA-1: dc65d1ed7f03f4e67784a50599e764b9df83c3e5
SHA-256: 26950e41c1e8cbac3b959dcee8c54097c5ddae180aeb9466cc3d5711eb627014
Risk Score: 42

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF document contains lures for game hacks and giveaways, directing users to external URLs for downloads. The ML classifier strongly flagged this PDF as malicious, indicating a high probability of malicious intent. While no scripts were explicitly extracted, the presence of embedded URLs and the document's theme suggest it's designed to trick users into downloading and executing further malicious content, likely related to the offered cheats.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics 3

  • Visual download / call-to-action button lure (low; SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (info; PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://netcdn.co/app/431946152/roblox-hacks-giveaways-game-hack PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00003194.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3194 | 22160 bytes
    SHA-256: 30142163ed0306d25652ab9aaabb0a02e49870faa5f6c1e2b94d08991819c729
font_01_sfnt_off000062d5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x62D5 | 19236 bytes
    SHA-256: 8b93d7cfac6e62e9e7f71d4b1389ca1e6a3ad753e5b49a56aa051923995682b3