PDF static analysis report

Static analysis result for SHA-256 a8574d636845c0d5…

SUSPICIOUS

PDF

Size: 53.3 KB
Created: 2021-06-03 19:29:52 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-16
MD5: 863b050e124d83709cf5d06ca80e6779
SHA-1: 8b7555cb9935bd221457252b38a6f24016d4515b
SHA-256: a8574d636845c0d5180f79c7601dba75496fe588c4742725522b8bc36dfea856
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a prominent external URI pointing to a site offering 'free Robux game hack', suggesting a lure for users seeking in-game advantages. The ML classifier also flagged this PDF as malicious. While no scripts were directly extracted, the PDF structure and embedded URI indicate an attempt to redirect the user to a malicious download site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9616

Heuristics (3)

  • Visual download / call-to-action button lure (severity: low, SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
  • External URI (severity: info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://netcdn.online/app/431946152/sites-to-get-free-robux-game-hack (PDF link annotation)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: stream_004_off0000570b.bin
  Kind: decompressed-pdf-stream
  Source: PDF FlateDecoded stream at offset 0x570B
  Size: 25508 bytes
  SHA-256: 218d8e326af5908e451042e0ed58de03fc699213cb237afcaa51dd12a283303f

Filename: font_01_sfnt_off000091d3.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x91D3
  Size: 8704 bytes
  SHA-256: ddfd86c88a6b8304bc31eeb9f28c8110fac325cdacc87503bacf4ac741777490

Filename: font_02_sfnt_off0000ae3d.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xAE3D
  Size: 18236 bytes
  SHA-256: b3c6e6b81f0aade665b3e9e34fb665158f9d1803db8458128eb468a961d6d74b