Malicious PDF — malware analysis report

Static analysis result for SHA-256 872d8325e1abbb56…

Verdict: MALICIOUS
File type: PDF
Size: 41.7 KB
Created: 2021-05-17 21:34:26 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: b54ab1804c35d5d6cb6ddba8ed3c808a
SHA-1: b20ea1b00b1c4910e78309b83d40da4519f5f023
SHA-256: 872d8325e1abbb5631bd2baefa28989a9a3be4ce32318118476c097aec4f637a
Risk score: 82

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The document contains a lure for a game hack, referencing a download URL and instructing the user to interact with remote support tools. This suggests a social engineering attack aimed at tricking the user into downloading potentially malicious software or granting remote access. No scripts were extracted from this sample, limiting further analysis of its execution flow.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9971

Heuristics (4)

  • Remote-support tool lure (severity: high, SE_REMOTE_SUPPORT_LURE)
    Document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect; high-risk in an unsolicited document.
  • Visual download / call-to-action button lure (severity: low, SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • External URI (severity: info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://netcdn.xyz/app/479516143/free-minecraft-client-game-hack

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00004ce5.bin
SHA-256: b00f673ee633e562d2cf9da9d765c7486fe9eadfc478e8913f87e174d62dad33
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x4CE5
Size: 24172 bytes

Filename: font_01_sfnt_off000082cc.bin
SHA-256: ce5b71cd939a97bbe405c9e475902c75b00f7b9e8e716883d10cd93b76626efe
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x82CC
Size: 17644 bytes