Malicious PDF — malware analysis report

Static analysis result for SHA-256 4512753c2af590a6…

Verdict: MALICIOUS
File type: PDF
Size: 47.6 KB
Created: 2021-05-11 20:08:12 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: a1e4af2e86c53cedc82003f7cfe53d53
SHA-1: 377a87166bc028fb6bc53f92b440ccd74130a963
SHA-256: 4512753c2af590a6d2fab195921e3405c6392a70de2cef5a366f012b5c6c7147
Risk score: 102

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document is a lure for free in-game items (Robux, Coin Master spins, Minecraft downloads) and carries a direct link to a suspicious URL, consistent with a phishing or scam campaign. The critical heuristic SE_SECRET_RECOVERY_LURE indicates that the document asks for recovery phrases, private keys, backup codes or saved passwords, so harvesting of credentials or account secrets is the likely goal. No scripts were extracted, so the file has no execution capability of its own; the verdict rests on the embedded URLs, the lure text and the ML classifier's high confidence score. The link targets follow one template: the netcdn.xyz URL carries the id 406889139, and the Coin Master PDFs on elearning.min1tanahdatar.sch.id carry the same id as a _GM406889139 suffix, which suggests a templated campaign rather than a one-off document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9013

Heuristics (4)

  • Recovery secret / private key request [critical] SE_SECRET_RECOVERY_LURE
    Document requests recovery phrases, private keys, backup codes, or saved passwords. Requests for these secrets in a document are high-risk.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). Low-signal unless other findings point to a malicious workflow.
  • External URI [info] PDF_URI
    PDF contains an external URL action (/URI).
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://netcdn.xyz/app/406889139/coin-master-free-spin-and-coin-links-game-hack
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/roblox-free-pants_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/free-roblox-hack_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/minecraft-texture-packs-free-download_GM479516143.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/you-promised-my-son-free-robux_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/get-free-robux-today_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/hack-coin-master-android-2021_GM406889139.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/free-coin-master-spin-daily-link_GM406889139.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/how-to-get-free-robux-website_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/minecraft-java-free-download_GM479516143.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/roblox-executor-free-download_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/how-can-i-get-free-robux_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/free-spins-coin-master-daily_GM406889139.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/how-to-hack-roblox-accounts_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/coin-master-hack-mod-apk-android-1_GM406889139.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/free-robux-generator-2021-no-human-verification_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/roblox-robux-hack-generator_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/free-robux-com-roblox_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/change-roblox-username-free_GM431946152.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/free-minecraft-skins-pc_GM479516143.pdf
    • https://elearning.min1tanahdatar.sch.id/__statics/gudangsoal/files/free-robux-pin-codes_GM431946152.pdf
    • http://en.wikipedia.org/wiki/MIT_License

Extracted artifacts (3)

Files carved from inside the sample during analysis.

stream_003_off00005477.bin
  SHA-256: a84db02f96e8b29b97e10fcefb3a1e3f45c0c03857912d351cee1f89c5ea5ea1
  Kind: decompressed-pdf-stream
  Source: PDF FlateDecoded stream at offset 0x5477
  Size: 25060 bytes

font_01_sfnt_off00008dcb.bin
  SHA-256: 601c50867a41b9362538ff18e5f9479a0f9badf698aaf1eb7e88469c11719db7
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x8DCB
  Size: 2920 bytes

font_02_sfnt_off000097e4.bin
  SHA-256: ab1c4cdc214a6baf81a15e2f62a40ea9cfbbbf407f0f3dd1c7564e467cf0dae2
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x97E4
  Size: 18228 bytes
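The findings above rest on three static steps: carving the FlateDecode stream (named by its hex offset, as in the artifact list), extracting URLs from /URI link actions and from the decompressed body with a channel label per URL, and running phrase heuristics such as SE_SECRET_RECOVERY_LURE and SE_DOWNLOAD_BUTTON over the recovered text. The script below is an added example that does all three on a one-page PDF constructed inline; it is not the analysis platform's code. The example.invalid URLs and the phrase lists are assumptions chosen to mirror the rule descriptions, and the stream carver honours a direct /Length but does not parse object streams or cross-reference streams, so it is a triage pass rather than a full PDF parser.

```python
import re
import zlib

# Phrase lists are assumptions that mirror the rule descriptions in this report.
LURE_RULES = {
    "SE_SECRET_RECOVERY_LURE": ("critical", (
        "recovery phrase", "private key", "backup code", "saved password")),
    "SE_DOWNLOAD_BUTTON": ("low", ("click here to download", "download now")),
}

STREAM_START_RE = re.compile(rb"(?<!end)stream\r?\n")
# Direct /Length only; an indirect "/Length 12 0 R" is deliberately not used.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\d)(?!\s+\d+\s+R)")
URI_LIT_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
URI_HEX_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")
PDF_STRING_RE = re.compile(rb"\(((?:\\.|[^\\)])*)\)", re.DOTALL)
BODY_URL_RE = re.compile(rb"https?://[^\s()<>\"']+")


def unescape_pdf_string(raw):
    """Resolve the backslash escapes for ( ) and \\ in a PDF literal string."""
    return re.sub(rb"\\([()\\])", rb"\1", raw)


def carve_flate_streams(pdf):
    """Return one dict per stream that zlib can inflate, sliced by the direct
    /Length of the preceding dictionary, else by the endstream keyword."""
    found = []
    for i, m in enumerate(STREAM_START_RE.finditer(pdf), 1):
        start = m.end()
        lengths = LENGTH_RE.findall(pdf[max(0, m.start() - 512):m.start()])
        if lengths:
            end = start + int(lengths[-1])
        else:
            end = pdf.find(b"endstream", start)
            if end < 0:
                continue
        try:
            data = zlib.decompress(pdf[start:end])
        except zlib.error:
            continue  # not FlateDecode (raw font or image bytes), skip it
        found.append({"name": "stream_%03d_off%08x.bin" % (i, start),
                      "offset": start, "size": len(data), "data": data})
    return found


def extract_urls(pdf, streams):
    """Return (channel, url) pairs so each URL records the path that reached it."""
    urls = []
    for m in URI_LIT_RE.finditer(pdf):
        urls.append(("link annotation",
                     unescape_pdf_string(m.group(1)).decode("latin-1")))
    for m in URI_HEX_RE.finditer(pdf):
        h = re.sub(rb"\s", b"", m.group(1))
        if len(h) % 2:  # PDF pads an odd trailing hex digit with 0
            h += b"0"
        urls.append(("link annotation", bytes.fromhex(h.decode()).decode("latin-1")))
    for s in streams:
        for m in BODY_URL_RE.finditer(s["data"]):
            urls.append(("document body", m.group(0).decode("latin-1")))
    return urls


def stream_text(data):
    """Crude text recovery: join the literal strings of a content stream."""
    parts = [unescape_pdf_string(s) for s in PDF_STRING_RE.findall(data)]
    return b" ".join(parts).decode("latin-1")


def lure_hits(text):
    """Return (rule_id, severity) for every phrase heuristic that fires."""
    low = text.lower()
    return [(rid, sev) for rid, (sev, phrases) in LURE_RULES.items()
            if any(p in low for p in phrases)]


def analyze(pdf):
    streams = carve_flate_streams(pdf)
    text = " ".join(stream_text(s["data"]) for s in streams)
    return {"urls": extract_urls(pdf, streams),
            "streams": [{k: s[k] for k in ("name", "offset", "size")} for s in streams],
            "heuristics": lure_hits(text)}


def build_sample_pdf():
    """Constructed sample: one FlateDecode content stream holding lure text and
    a body URL, plus two /Link annotations (literal and hex-encoded /URI)."""
    body = (b"BT /F1 12 Tf 72 700 Td (Enter your recovery phrase and click here "
            b"to download: https://example.invalid/free-spins-daily) Tj ET")
    comp = zlib.compress(body)
    hex_uri = b"https://example.invalid/hex".hex().encode()
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R 6 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(comp)
        + comp + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [0 0 200 50] "
        b"/A << /S /URI /URI (https://example.invalid/free-robux) >> >>",
        b"<< /Type /Annot /Subtype /Link /Rect [0 60 200 110] "
        b"/A << /S /URI /URI <" + hex_uri + b"> >> >>",
    ]
    pdf = b"%PDF-1.4\n"
    for n, obj in enumerate(objs, 1):
        pdf += b"%d 0 obj\n" % n + obj + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for key, value in analyze(build_sample_pdf()).items():
        print(key, value)
```

Running the script prints the two link-annotation URLs, the body URL, the single carved stream with its stream_001_off… name, and both heuristic hits. The channel label is what turns an extracted URL into evidence: a URL inside a /URI action fires on click, while a URL that only appears in body text is inert until the user copies it, which is why the report treats EMBEDDED_URL as informational and scores the lure text separately.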