PDF malware analysis — malicious · ea684ea490f9103a

MALICIOUS

PDF

9.6 KB Created: 2021-05-16 15:01:13 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2026-06-04

MD5: 97d1cc2a3698f44c2d437bc748b483e3 SHA-1: af389835b7e1fcc907a567377d075074de1a0665 SHA-256: ea684ea490f9103af897d873a54a411002703fde0034e3427e8adb2a71a6b8f2

92 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF contains an embedded URL that points to known malicious redirector infrastructure. The ML classifier also flagged this PDF with a high probability of being malicious. The document body, though partially corrupted, contains text related to 'Coin Master Hack Site' and the malicious URL, suggesting a lure for users interested in such topics. No scripts were extracted, but the presence of a malicious URL is a strong indicator of malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 0.9895

Heuristics 2

PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK

PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://netcdn.xyz/app/406889139/legit-coin-master-hack-site-zyngaplayerforums.com-game-hack In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.