SUSPICIOUS
42
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains multiple external URLs, including one that directly advertises a game hack. The presence of a 'download button' heuristic and the ML classifier's high confidence score indicate a malicious intent. The document body, though partially corrupted, contains text related to game hacks and a call to action, reinforcing the lure. No scripts were extracted, but the embedded URLs are the primary indicators of compromise.
Machine Learning
- Nyx PDF Classifier malicious score 0.8060
Heuristics 3
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://netcdn.xyz/app/479516143/minecraft-for-free-on-phone-game-hack PDF link annotation
- https://sparkthis.org/ckfinder/userfiles/files/roblox-hacks-and-cheats_GM431946152.pdfIn PDF document text
- https://sparkthis.org/ckfinder/userfiles/files/minecraft-bedrock-for-free_GM479516143.pdfIn PDF document text
- https://sparkthis.org/ckfinder/userfiles/files/how-to-hack-coin-master-facebook_GM406889139.pdfIn PDF document text
- https://sparkthis.org/ckfinder/userfiles/files/get-coin-master-hack_GM406889139.pdfIn PDF document text
- https://sparkthis.org/ckfinder/userfiles/files/how-to-get-tiktok-free-likes_GM835599320.pdfIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_002_off00003660.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3660 | 25424 bytes |
SHA-256: 79537d2ac74fd776c69a3b2bdbfd05121d7922dfe759eaf11ecb20c0f8a77e27 |
|||
font_01_sfnt_off00007089.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7089 | 2816 bytes |
SHA-256: 214f0b8c2b3c279476f862ae08d7e072944da5f6084cbd6130f0ffdc3460b614 |
|||
font_02_sfnt_off00007a35.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A35 | 18032 bytes |
SHA-256: 03f24e9b7df13ddf2a61f787c3fe001e8b6ca75c509430b262bdd287118d54e8 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.