PDF static analysis report

Static analysis result for SHA-256 34aa0e93ed3cc568…

SUSPICIOUS

PDF

Size: 46.6 KB
Created: 2021-06-14 02:10:49 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 1339b220843b089d8397902c84095f19
SHA-1: d287b95a0c843da87650d7ad0e70ace5a713b732
SHA-256: 34aa0e93ed3cc568cd115d2bf0ed96f461df74ee7337fd14c8155bf4d057b5c2
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous embedded URLs and a document body that explicitly advertises "hacks" for popular games, aiming to trick users into downloading malicious content. The ML classifier also flagged this PDF as malicious. The presence of external URIs suggests an attempt to redirect users to malicious sites or download further payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8948

Heuristics (3)

  • Visual download / call-to-action button lure [severity: low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [severity: info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [severity: info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0000499e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x499E | 26636 bytes
  SHA-256: 43af14c4f7623cdbcf6ae0159c928730b9444561044051b98b6f5678c467c121
font_01_sfnt_off000086f0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x86F0 | 2824 bytes
  SHA-256: 94c1b019735d7e491765340abe50b2897410e2ec65ecf141c08bd9f2220897c4
font_02_sfnt_off0000909e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x909E | 19220 bytes
  SHA-256: 341b7fd11a4a941b9b498e77d169b3b180fedcd4ae5e80cc9d3bed674d896940