PDF static analysis report

Static analysis result for SHA-256 8cfc0bd3658863d8…

SUSPICIOUS

PDF

Size: 35.7 KB
Created: 2021-07-07 02:19:51 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-17
MD5: 53e8d2552db611cbdd829aad9d4d256a
SHA-1: 95f190842881011d30b805b46216345f88e63f39
SHA-256: 8cfc0bd3658863d8b1ea8d3809670cd80058057bf0b82da1484893b04f6cb165
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous URLs related to game hacks and free in-game currency, strongly suggesting a phishing or scam attempt. The ML classifier also flagged this PDF as malicious with high confidence. The presence of external URIs and the document's content indicate it is designed to trick users into visiting malicious sites, likely for credential harvesting or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics 3

  • Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00003007.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3007 | 23748 bytes
    SHA-256: a32e033497673be2addc89678689fa04b92e6910674ae5a89d62173752638043
font_01_sfnt_off0000656b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x656B | 19420 bytes
    SHA-256: 4eeda5a53974dafe6a6a7eb0474e8c00647b290d21ead3df531c01c0ce008c20