Malicious PDF — malware analysis report

Static analysis result for SHA-256 615ba3a011486032…

MALICIOUS

PDF

Size: 51.0 KB
Created: 2021-05-13 15:00:25 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: 1c012fadeefafe989fee59e252ec562b
SHA-1: 144d01e02c126f45749a27bd1128bc94a70417e2
SHA-256: 615ba3a011486032de6a7664c204aba42251252bd3a175cd39928cc4af2fdbcd
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains embedded URLs and a document body that explicitly advertises 'free Robux' and game hacks, aiming to trick users into downloading further malicious content. The presence of multiple external URLs, including one hosted on 'netcdn.xyz', strongly suggests a phishing or scam attempt. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9348

Heuristics (4)

  • Callback phishing phone lure (severity: medium, ID: SE_CALLBACK_LURE)
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
  • External URI (severity: info, ID: PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size

  • font_00_sfnt_off00004c1a.bin
    SHA-256: 54ab6ebcaad8f3a16b6050d2a3873c0b76069a20d2c80e6a3eb33f6a48aaa06d
    Kind: pdf-font-stream | Source: PDF embedded font (sfnt) at offset 0x4C1A | Size: 26312 bytes
  • font_01_sfnt_off00008a23.bin
    SHA-256: e6d68e720ea5acf9dccbf7ffde18db6f65c62a99ab7725aa43e30329033a7787
    Kind: pdf-font-stream | Source: PDF embedded font (sfnt) at offset 0x8A23 | Size: 8132 bytes
  • font_02_sfnt_off0000a510.bin
    SHA-256: de5b074060e7ee0fa0230ac6212805924cd4a5679e09505111534b28358c176b
    Kind: pdf-font-stream | Source: PDF embedded font (sfnt) at offset 0xA510 | Size: 18280 bytes