Malicious PDF — malware analysis report

Static analysis result for SHA-256 386146b895562c08…

MALICIOUS

PDF

34.5 KB Created: 2021-05-23 16:34:52 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: 4a84efa34cbede1452ceeb3c298683c3 SHA-1: 654c44e3e36c2efbcfea6606e65c06f858ff0354 SHA-256: 386146b895562c08d36f13ea92f6a7cfc12f74aced642986d663b4d91b40bbb1
82 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 User Execution: Malicious File

The PDF document contains heuristics indicating it is malicious and attempts to lure users into installing software or downloading files, a common social-engineering tactic. The document body and embedded URLs suggest the lure is related to game hacks or generators, directing users to download potentially malicious content from external URLs. No scripts were extracted, but the overall structure and embedded URLs point to a downloader or dropper attack pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9508

Heuristics 4

  • Browser extension / update installation lure high SE_BROWSER_INSTALL_LURE
    Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://netcdn.xyz/app/835599320/freer-pro-tiktok-game-hack
    • http://mycookingpot.com/images/coinmaster-gps-user-review-coinmaster-coin-master-hack-pagedemo-index_GM406889139.pdf
    • http://mycookingpot.com/images/roblox-group-free-robux_GM431946152.pdf
    • http://mycookingpot.com/images/coin-master-free-spin-game_GM406889139.pdf
    • http://mycookingpot.com/images/free-spins-and-coins-coin-master-links_GM406889139.pdf
    • http://mycookingpot.com/images/minecraft-java-edition-redeem-code-free-2021_GM479516143.pdf
    • http://en.wikipedia.org/wiki/MIT_License

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_002_off00003045.bin
d074445dba5b7234d8093ffce8a218d767acc594267bb9830fd0513e8302c696		 decompressed-pdf-stream PDF FlateDecoded stream at offset 0x3045 24172 bytes
font_01_sfnt_off00006761.bin
ce89ed17beb43e5874c760a665d90bca09271831bf209f2f19e5d757293baf95		 pdf-font-stream PDF embedded font (sfnt) at offset 0x6761 17612 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.