Malicious PDF — malware analysis report

Static analysis result for SHA-256 572eaf941c81c2de…

MALICIOUS

PDF

Size: 37.2 KB
Created: 2021-07-09 00:49:33 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: c64e9ad1ba88572b739af25ae56e5a74
SHA-1: 3534f43b5d0e9a9ebc058ca015cf0d77ef25f37e
SHA-256: 572eaf941c81c2ded0e40f848ba7b87ac578f55d8ce639494ec09a775ab52569
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The PDF document contains embedded URLs and text that promote game cheats and hacks, specifically for Coin Master and Roblox. The ML classifier strongly flagged this PDF as malicious, and the presence of external URIs suggests an attempt to redirect the user to a malicious download site. The document's content and heuristics indicate a phishing or scam attempt to trick users into downloading potentially harmful files.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics (4)

  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://netcdn.tw/app/406889139/coin-master-hack-without-human-verification-2021-game-hack
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/freespincoin-masterlinkdownload_GM406889139.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/free-robux-without-offers_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/cheats-for-roblox-jailbreak-money_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/how-do-you-earn-robux-on-roblox_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/roblox-generator_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/how-to-get-free-coins-on-coin-master_GM406889139.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/free-minecraft-accounts-2021_GM479516143.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/get-me-robux-for-free_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/free-spin-today-coin-master_GM406889139.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/can-u-get-free-robux_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/roblox-ben-10-free-download_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/moon-active-games_GM406889139.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/how-to-install-minecraft-for-free_GM479516143.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/minecraft-hacks-115-2_GM479516143.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/minecraft-games-online-free-no-download_GM479516143.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/couleur-de-peau-free-roblox_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/roblox-cheat-codes-mega-fun-obby_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/free-roblox-accounts-with-robux-that-work-not-banned_GM431946152.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/coin-master-hack-apk-iphone_GM406889139.pdf
    • http://elearning.man1kotamobagu.sch.id/__statics/gudangsoal/files/free-coin-master-spins-links-2021_GM406889139.pdf
    • http://en.wikipedia.org/wiki/MIT_License

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: stream_002_off00003557.bin
    SHA-256: f50f2c6bd4e41f4f2fce3580ffe9854e2ebc54e186ebad7f1747e2ed0cd8c92c
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x3557
    Size: 23836 bytes
  • Filename: font_01_sfnt_off00006bc6.bin
    SHA-256: f8861b3c9aaf8f1d50bee1847069a40ba50e39d84bb43402706f5c77a0ef7414
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x6BC6
    Size: 19304 bytes