PDF static analysis report

Static analysis result for SHA-256 a06080dc9c1e69f7…

SUSPICIOUS

PDF

Size: 36.3 KB
Created: 2021-06-28 00:19:32 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: cbb5c0152fba448a9670982c23a1f95b
SHA-1: e1f66b8cfc2bd8955c0656823ea67ae4688e8bef
SHA-256: a06080dc9c1e69f7cf3d591568bdddbb6a2155b437b4ca359a422b3ce28307f1
Risk Score: 42

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

This PDF document contains embedded URLs and text that promote downloading cheats or hacks for games. The ML classifier strongly indicates malicious intent; the document is likely meant to deliver a secondary payload or malware disguised as game enhancements. The primary IOC is the URL http://netcdn.co/app/431946152/roblox-cheat-god-mode-game-hack, which is presented as the download source.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics (3)

  • Visual download / call-to-action button lure (severity: low, SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (severity: info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://netcdn.co/app/431946152/roblox-cheat-god-mode-game-hack (PDF link annotation)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000359d.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x359D
    Size: 22792 bytes
    SHA-256: bfbcc0bfd5dcd540b7340cf211c23b0269b74c6ec5a50f591ff6f8690505a859
  • Filename: font_01_sfnt_off000068ac.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x68AC
    Size: 19124 bytes
    SHA-256: 7acbd7be7b4b6792db136121778fc6539074a5b1a76547b62c0e335af1749934