PDF static analysis report

Static analysis result for SHA-256 4f380a3286f143f8…

SUSPICIOUS

PDF

Size: 38.0 KB
Created: 2021-05-14 14:01:00 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 2ce623f175c6cb4f1efe213e5b8d8ee9
SHA-1: f5cce1e63b1d90aea3a61bdb807652ab40c21f28
SHA-256: 4f380a3286f143f8f0d64ddf8ad422b1cca0e058570b06f501f5ca82069ca725
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains embedded URLs, including one prominently featured in the document body, that lead to pages offering hacks for the game "Coin Master". The ML classifier strongly flagged this PDF as malicious, indicating a high likelihood of it being used for phishing or to redirect users to potentially harmful content. No scripts were extracted, but the presence of the malicious URL and the ML classification suggest a social engineering attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://netcdn.xyz/app/406889139/coin-master-hack-spins-and-coins-unlimited-free-game-hack PDF link annotation

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: stream_003_off00004856.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x4856
Size: 23856 bytes
SHA-256: b5e0a2b004d68f52d3c386ad5e111d6cdba013167ff9aea413a4a2b18ceadb6f