PDF static analysis report

Static analysis result for SHA-256 cb02df05c8dd9014…

SUSPICIOUS

PDF

Size: 43.0 KB
Created: 2021-05-17 11:40:16 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 70dbe441636a614cc6fe217a96657682
SHA-1: 53149cf3a964ca4a8dc3cc13f540e1f29b599a55
SHA-256: cb02df05c8dd901427e2520b0290d78e708a9e8297e1b06c4131f14442c20aab
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a prominent link to a "coin-master-free-spins-generator-game-hack" URL, suggesting a lure for users seeking in-game advantages. While no scripts were explicitly extracted, the ML classifier and PDF URI heuristics strongly indicate malicious intent. The document body, though heavily corrupted, contains references to generators and hacks, reinforcing the phishing or scam nature of the content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9971

Heuristics 3

  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (severity: info, ID: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://netcdn.xyz/app/406889139/coin-master-free-spins-generator-game-hack (PDF link annotation)

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename: stream_003_off00004cfb.bin
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x4CFB
Size: 25848 bytes
SHA-256: 06e41c0620ec1d0fd4dd0ea123d468057ac55c3b3254768f28b89d15763c6d7b

Filename: font_01_sfnt_off000086e0.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x86E0
Size: 17884 bytes
SHA-256: 61e0f30a550a552155c2db6a7959ee396d6a34ca680bb4676c065f633eb1cbfa