MALICIOUS
102
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 User Execution: Malicious File
The PDF document contains a direct link to download a 'hacked client' for Minecraft, indicating a lure for malware. The 'SE_CLICKFIX' heuristic suggests the document attempts to trick the user into executing a command, likely to download and run a malicious payload from the provided URL. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.9980
Heuristics 5
-
ClickFix social engineering attack high SE_CLICKFIXDocument instructs the user to press Win+R or paste a command into a terminal — consistent with ClickFix attacks that bypass macro restrictions by tricking users into running malicious commands directly
-
QR-code redirect lure medium SE_QR_LUREDocument instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://netcdn.xyz/app/479516143/minecraft-hacked-client-download-game-hack
- https://gestionpatrimonial.net/images/coin-master-apk-hack-2021-ios_GM406889139.pdf
- https://gestionpatrimonial.net/images/minecraft-xbox-360-free-download-code_GM479516143.pdf
- https://gestionpatrimonial.net/images/free-coin-master-hack-no-verification_GM406889139.pdf
- https://gestionpatrimonial.net/images/hack-coin-master-no-survey_GM406889139.pdf
- https://gestionpatrimonial.net/images/apps-for-free-spins-on-coin-master_GM406889139.pdf
- https://gestionpatrimonial.net/images/free-headless-head-roblox_GM431946152.pdf
- https://gestionpatrimonial.net/images/coin-master-hack-september-2021_GM406889139.pdf
- https://gestionpatrimonial.net/images/roblox-hack-apk_GM431946152.pdf
- https://gestionpatrimonial.net/images/hack-coin-master-online_GM406889139.pdf
- https://gestionpatrimonial.net/images/latest-free-spin-coin-master-daily_GM406889139.pdf
- https://gestionpatrimonial.net/images/where-can-i-get-free-spins-for-coin-master_GM406889139.pdf
- https://gestionpatrimonial.net/images/is-there-a-way-to-get-minecraft-for-free_GM479516143.pdf
- https://gestionpatrimonial.net/images/coin-master-hack-apk-no-survey_GM406889139.pdf
- https://gestionpatrimonial.net/images/roblox-free-robux-generator_GM431946152.pdf
- https://gestionpatrimonial.net/images/claimrobux-net_GM431946152.pdf
- https://gestionpatrimonial.net/images/how-to-get-free-robux-com_GM431946152.pdf
- https://gestionpatrimonial.net/images/rblx-gg-free-robux_GM431946152.pdf
- https://gestionpatrimonial.net/images/roblox-free-hair-girl_GM431946152.pdf
- https://gestionpatrimonial.net/images/free-coin-master-spins-2021_GM406889139.pdf
- https://gestionpatrimonial.net/images/claim-roblox_GM431946152.pdf
- http://en.wikipedia.org/wiki/MIT_License
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off000049eb.bin1fb32ac8996f4ca0d9fb0be62cc8238fb91ec7dd4a1a9e9c58a67aed0971409b |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x49EB | 29940 bytes |
font_01_sfnt_off00008c39.bine3089071acaa3d725dff62b6cfe00465db2477317d389ff23f6444401690c9a2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8C39 | 18460 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.