PDF static analysis report

Static analysis result for SHA-256 99a18cf7cc8cf909…

SUSPICIOUS

PDF

Size: 56.2 KB
Created: 2021-05-10 14:06:51 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-17
MD5: ec314a179ba5865dd5afd6306f50b6c7
SHA-1: 110dd188c7e2529e0872367ff03bfda0a06d2bf2
SHA-256: 99a18cf7cc8cf909c2eb4ef452459825892515cf11b5d687421341df5df27868
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains embedded URLs and a document body that strongly suggests a lure for users seeking free in-game currency or items. The ML classifier also flagged this PDF as malicious. While no scripts were explicitly extracted, the presence of external URIs and the nature of the content indicate a phishing or scam attempt, likely leading to a malicious download.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7915

Heuristics 3

  • Visual download / call-to-action button lure | low | SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://netcdn.xyz/app/406889139/coin-master-free-spins-generator-no-verification-game-hack PDF link annotation

Extracted artifacts 5

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_003_off00004e81.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x4E81 26928 bytes
SHA-256: 145ef2898e692ed12f5a9f2ea724921b0a3d6a3e1c03149de21876a0ec645cb3
font_01_sfnt_off00008da9.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8DA9 3088 bytes
SHA-256: e7854aff7cbc8fbdeb85d2b3d6248d12dc820ede8a581f4eac107fa6446c2222
font_02_sfnt_off00009874.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x9874 7960 bytes
SHA-256: cf7ae5cf6bef3222f5a26bec705b492fed0278aec6b16ec101aeda46e0edd2b2
font_03_sfnt_off0000ab99.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xAB99 18020 bytes
SHA-256: cc763048b76c9189c14999db918bcac9f3f262aeea1a03aaf6cd39ac3f323e93
font_04_sfnt_off0000ccd4.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xCCD4 4272 bytes
SHA-256: fac9a06ceb5574feb8580c075df3ef69dfbd0efa4947186cfe90f11b68eaafb0