Malicious PDF — malware analysis report

Static analysis result for SHA-256 955fdef719faf154…

MALICIOUS

PDF

Size: 34.5 KB
Created: 2021-07-07 04:35:47 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: 24e6f17f0feca86f9b6c4e5011dac06b
SHA-1: b63bc68e2b76048c034658d9471042448391cef7
SHA-256: 955fdef719faf1549f537f84fd9f5087376af4e91986f003d01762387b092b9f
Risk score: 102

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged by an ML classifier as malicious and contains numerous external links, many of which are structured as a link farm. The document body and extracted URLs suggest a lure for users seeking game cheats or in-game currency, likely leading to malware downloads or phishing sites. The presence of embedded URLs and the overall structure indicate an attempt to direct users to external resources for malicious purposes.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics (4)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • PDF_URI (info): External URI
    PDF contains an external URL action.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00003279.bin
SHA-256: 224d10f71d6a97c8d0ccd6ed3464b4bd1b48d6788d5e8e83ebb7579ad60c448d
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x3279
Size: 22640 bytes

Filename: font_01_sfnt_off000064c0.bin
SHA-256: b792ad526cad4bfc6d994df976046642af0b8644436a9d4070e4c0c5b63ed45e
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x64C0
Size: 18080 bytes