Malicious PDF — malware analysis report

Static analysis result for SHA-256 da8cf635f6edd27a…

Verdict: MALICIOUS
File type: PDF
Size: 35.9 KB
Created: 2021-06-18 15:31:37 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: 805a164a7b6a8628e46f6727dff92e26
SHA-1: d3ff4216101808eee37ac644892bf5ed66cefa32
SHA-256: da8cf635f6edd27af5fc299d64a87a7d73acf1a077076ac973c84425501f430e
Risk score: 102

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains numerous embedded links and a primary external URI, all pointing to sites offering game cheats and hacks. The heuristic firings indicate a high likelihood of malicious intent, specifically a link farm designed to redirect users to potentially harmful content. The document body, while containing garbled text, includes keywords related to game exploits and URLs that reinforce this malicious lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9980

Heuristics (4)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000325b.bin
    SHA-256: a7ec90f0bb43d80c3061a8ea7b69956b586f0d93006effdfadf5e8baf315d17f
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x325B
    Size: 22544 bytes
  • Filename: font_01_sfnt_off00006483.bin
    SHA-256: 013ba257f13579b3ebfae0e420b8f6be6e23ef6f575692bb46c1befe6d06c829
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x6483
    Size: 19896 bytes