PDF static analysis report

Static analysis result for SHA-256 81c7ad7d48ad8768…

SUSPICIOUS

PDF

45.5 KB
Created: 2021-06-03 08:08:49 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-16
MD5: fe5489d9bae6e7e8f9766b7f8688660e
SHA-1: 6307717ddfcd00c90ca774f27111e0f48516c8dd
SHA-256: 81c7ad7d48ad8768455e7427e16304656167ab330516a0d734f07152e576431d
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains embedded URLs and a visual call-to-action, suggesting it is designed to trick users into downloading further malicious content. The ML classifier strongly flagged this PDF as malicious, and the presence of multiple URLs related to game hacks indicates a lure for potentially unwanted or malicious software. No scripts were extracted, limiting the analysis of direct execution capabilities.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9864

Heuristics 3

  • Visual download / call-to-action button lure [low] [SE_DOWNLOAD_BUTTON]
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://netcdn.online/app/431946152/how-to-hack-in-any-roblox-game-game-hack (PDF link annotation)

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_004_off00005531.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5531 | 24644 bytes
  SHA-256: 8ab8e2f09d09ba2b4966d0fa0790c2a6c5c9cac87f25d52b0785538f2c3c88fb
font_01_sfnt_off00008de5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8DE5 | 18784 bytes
  SHA-256: 1e9cb7a80c1691940fd92245a125ad826c21e4f3b60cbf670298a8d1ce3bc4dc