Malicious PDF — malware analysis report

Static analysis result for SHA-256 663e989fc0bbcb58…

Verdict: MALICIOUS

File type: PDF

Size: 35.0 KB
Created: 2021-07-09 04:05:01 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: 1ab275c23b535412594ffc84a6d34821
SHA-1: b1d1fdbce747784cd8f4c402ae9f778f9da14116
SHA-256: 663e989fc0bbcb588d0bcac35a58bccf32301465177fdc08383cd0fa1765bf4a
Risk Score: 102

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains numerous links to external websites, many of which are hosted on ktcart.co.in and appear to offer game hacks and cheats. The heuristic PDF_SEO_LINK_FARM indicates a large number of these external links, suggesting a link farm designed to attract users searching for such content. The ML_NYX_PDF_MALICIOUS score further supports the malicious nature of this PDF, likely serving as a lure to download potentially unwanted or malicious applications.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics (4)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • PDF_URI (info): External URI
    PDF contains an external URL action.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000032a3.bin
  SHA-256: cd3a74c0b4aa8e616c782452dafa619ffb43eee549814723d681fa2657fb66e8
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x32A3
  Size: 22740 bytes

Filename: font_01_sfnt_off000065d2.bin
  SHA-256: 463936874e39853abb7e98e6ded4f745103ffb6d0c99cb313be96a8fb665ddfc
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x65D2
  Size: 18440 bytes