Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b3d2198f59efc74…

Verdict: MALICIOUS
File type: PDF
Size: 33.7 KB
Created: 2021-07-01 22:20:42 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-15
MD5: dfed7fedd2ee657813ae73528a2e84d7
SHA-1: 41967cda4c2caeb93a64c8aab2d782bc117bc42d
SHA-256: 4b3d2198f59efc74aed5cd4ded1463dff6051cc2afe4e5f3a54b3dfd2a2b6f72
Risk score: 82

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The document presents itself as a guide to hacking games like Roblox, but the primary lure is a prompt to install a fake browser update or plugin. This social engineering tactic is designed to trick users into downloading and executing malicious content. The embedded URLs likely lead to further stages of the attack, such as downloading malware or redirecting to phishing sites.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9980

Heuristics (4)

  • Browser extension / update installation lure (severity: high, rule SE_BROWSER_INSTALL_LURE)
    Document tells the user to install a browser extension, plugin, viewer, or browser update to view content, a common social-engineering path for credential theft and malware installation.
  • Visual download / call-to-action button lure (severity: low, rule SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • External URI (severity: info, rule PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00002d87.bin (kind: pdf-font-stream; source: PDF embedded font (sfnt) at offset 0x2D87; size: 21616 bytes)
    SHA-256: a67302ecd36854509b507d50d06f2f7b3c5ff1ce984a18284a01625586baddf4
  • font_01_sfnt_off00005ce3.bin (kind: pdf-font-stream; source: PDF embedded font (sfnt) at offset 0x5CE3; size: 19564 bytes)
    SHA-256: dbb5cdc58c488ad3ca25d303e8a5bb75b2c15be6271c0a7b2361279cc874a18e