MALICIOUS
82
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains embedded links and a call-to-action phrase, consistent with social engineering to trick users into downloading potentially malicious content. The ML classifier also flagged this PDF as malicious. The primary lure appears to be a 'Minecraft hack client' hosted on netcdn.xyz.
Machine Learning
- Nyx PDF Classifier malicious score 0.8060
Heuristics 4
-
ClickFix social engineering attack high SE_CLICKFIXDocument instructs the user to press Win+R or paste a command into a terminal — consistent with ClickFix attacks that bypass macro restrictions by tricking users into running malicious commands directly
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://netcdn.xyz/app/479516143/minecraft-pe-hack-client-game-hack PDF link annotation
- http://elearning.mtsn7agam.sch.id/__statics/gudangsoal/files/free-robux-no-survey_GM431946152.pdfIn PDF document text
- http://elearning.mtsn7agam.sch.id/__statics/gudangsoal/files/coin-master-free-spin-reward-links_GM406889139.pdfIn PDF document text
- http://elearning.mtsn7agam.sch.id/__statics/gudangsoal/files/free-spins-in-coin-master-without-human-verification_GM406889139.pdfIn PDF document text
- http://elearning.mtsn7agam.sch.id/__statics/gudangsoal/files/coin-master-cheat-engine-hack_GM406889139.pdfIn PDF document text
- http://elearning.mtsn7agam.sch.id/__statics/gudangsoal/files/coin-master-free-spins-promo-code_GM406889139.pdfIn PDF document text
- https://playhack.in/minecraftIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_002_off00003349.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3349 | 25204 bytes |
SHA-256: eb762f8a0d45494998526364af0266907bb2928522f3f316aa8480243e330323 |
|||
font_01_sfnt_off00006d1f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D1F | 2820 bytes |
SHA-256: 96a70491b0783ad8c6fc9b11a18f021aa22c69ac41ee4499b781d16a1b99b689 |
|||
font_02_sfnt_off000076bf.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x76BF | 17968 bytes |
SHA-256: a1bdeaf7b929e0321b1dbbf2b8f1cbdbbbd0c833166bb9e07af12e4b4538f125 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.