PDF static analysis report

Static analysis result for SHA-256 8dc13f1f974d22d1…

SUSPICIOUS

PDF

7.7 KB
Created: 2021-07-09 02:27:45 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: d6dda901f73a8f47fac74e9373adab58
SHA-1: 525639eecf619d8b4ab972a2f241e6e5a26de345
SHA-256: 8dc13f1f974d22d1ae1c99c1974a56be368d806e59765301096eb0d5700954ec
Risk Score: 34

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The PDF contains an external URI pointing to a file named 'wurst-115-2-game-hack', suggesting a lure for game-related exploits or cheats. The ML classifier also flagged this PDF as malicious with high confidence. The document body, though partially corrupted, contains references to game hacks and the suspicious URL, reinforcing the phishing attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9796

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://netcdn.tw/app/479516143/wurst-115-2-game-hack PDF link annotation