PDF static analysis report

Static analysis result for SHA-256 be15d3739ad66bde…

SUSPICIOUS

PDF

Size: 10.8 KB
Created: 2021-06-18 16:24:27 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-16
MD5: d24530b8c6083dc11c071de0967af8bf
SHA-1: 8d3825bb21f091abb97685554d67a523601deb20
SHA-256: be15d3739ad66bdedaf38ec1e47397ca4e29ef43e5f8e0cb150787574bbb9531
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document body and extracted URLs indicate a lure for free in-game currency (Robux, Coin Master spins) and game hacks. The ML classifier strongly flagged this PDF as malicious, and embedded URIs point to potentially malicious domains. While no scripts were explicitly extracted, the presence of embedded URIs and the ML classification suggest the PDF is designed to redirect users to malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9918

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://netcdn.co/app/431946152/how-to-gtte-free-robux-2021-may-12-game-hack PDF link annotation