PDF static analysis report

Static analysis result for SHA-256 859fe0e08028d0ee…

Verdict: SUSPICIOUS

File type: PDF

Size: 35.4 KB
Created: 2021-07-09 14:05:42 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27

MD5: 5a8b02034a444fed0555f12f436f4652
SHA-1: c3e4e8d191375094854c3221b1ce6f765edc79df
SHA-256: 859fe0e08028d0eee8523ce134af61c98435326526862ff75dfc6229f314c50e

Risk score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous embedded URLs and text related to 'free coins' for Coin Master and 'free Robux' for Roblox, indicating a social engineering lure. The ML classifier strongly flagged this PDF as malicious, and the presence of external URIs suggests it is designed to redirect users to download potentially harmful content. No scripts were extracted, but the overall pattern suggests a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics (3)

  • Visual download / call-to-action button lure (severity: low, SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); this is a low-signal finding unless other findings point to a malicious workflow.
  • External URI (severity: info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000033e4.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x33E4
  Size: 22876 bytes
  SHA-256: e211a56b91da294b590a77c6bb2b912219ef5bd57c97172989111fcf3a87addb

Filename: font_01_sfnt_off00006723.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x6723
  Size: 18400 bytes
  SHA-256: 0cc69a54ece3ed14f72d45612a229cad946be49a09675100e3633ee455bac280