PDF static analysis report

Static analysis result for SHA-256 dabe8be37506e43a…

SUSPICIOUS

PDF

Size: 18.4 KB
Created: 2021-06-18 19:56:11 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 31fb8e439058bb552f0e0dc052ff28f1
SHA-1: ebad9837935de840e9ea2e434c2a535bae23ae09
SHA-256: dabe8be37506e43a8fb7cfec9bc8d571a664926a85c26de4a312026c6354e540
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous embedded URLs, many of which relate to game hacks and free in-game currency, suggesting a lure to download malicious content. The ML classifier also flagged this PDF as malicious with high confidence. No scripts were extracted, but the presence of external URIs and the ML detection strongly indicate an intent to redirect users to potentially harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9971

Heuristics (2)

  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.