PDF static analysis report

Static analysis result for SHA-256 6ec5040459fbf833…

SUSPICIOUS

PDF

Size: 37.2 KB
Created: 2021-05-13 22:02:20 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-10-05
MD5: d49d579c5c9eda256fc6cdf2a26c6dc0
SHA-1: 3c052a3e7a29ff93c400051bd254c6f22df67b76
SHA-256: 6ec5040459fbf83386f26a6bbada40202582691ae420403b6e30d671712a8214
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF document contains numerous URLs advertising "mod hack apk" downloads for games like Coin Master and Minecraft, indicating a lure for potentially unwanted applications or malware. The ML classifier strongly flagged this PDF as malicious, supporting the suspicious nature of the content. The embedded URLs and document body content directly point to a deceptive scheme to trick users into downloading unofficial game modifications.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://netcdn.xyz/app/406889139/coin-master-3.2-mod-hack-apk-download-game-hack PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • stream_003_off000048c2.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x48C2
    Size: 24988 bytes
    SHA-256: 6dbdcf28aab47e26c0ef85e2a76106b8f6e42bc0a2b569ff638f0d65329beb19
  • font_01_sfnt_off00008193.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x8193
    Size: 2880 bytes
    SHA-256: 10d025f04f706eb71cdda4f99784df1b9ccb52e48080e43095e0398eaef6f132