PDF static analysis report

Static analysis result for SHA-256 a98fc51ddf78fd73…

Verdict: SUSPICIOUS
File type: PDF
Size: 35.4 KB
Created: 2021-06-30 10:52:53 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-16
MD5: 420186f6db06a810ca6592429ec71ff5
SHA-1: 8de6c577883ca76a49e392cc689abc14e56b3829
SHA-256: a98fc51ddf78fd73c8b5bc021997a62043198ff34684f6555576fdfe261181ee
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous links to external websites, including one that directly advertises a 'free tiktok coins game hack'. The ML classifier strongly flagged this PDF as malicious, and the presence of embedded URLs suggests an attempt to redirect the user to a malicious download or phishing site. While no scripts were explicitly extracted, the PDF structure and embedded URLs indicate a likely attempt to trick users into downloading malware or visiting a compromised site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics (3)

  • Visual download / call-to-action button lure [severity: low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [severity: info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [severity: info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://netcdn.co/app/835599320/free-tiktok-coins-game-hack (PDF link annotation)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00003578.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x3578
    Size: 22944 bytes
    SHA-256: 883ddf67a1baa1fab3bb017df57451e5f489f1f0f073563fbaaae81167e1c211
  • font_01_sfnt_off000068dc.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x68DC
    Size: 17972 bytes
    SHA-256: fcfbb39a4b44212e2e83dd056e0e3d1a7bdbc0b6b7e3536e733aaa92041c090a