Malicious PDF — malware analysis report

Static analysis result for SHA-256 f485ad7f24d09079…

MALICIOUS

PDF

39.9 KB Created: 2021-05-17 07:00:41 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: b8e2bbc09257a630475da875429a662a SHA-1: 7900e6d0a4c84a8d6d58fbcbf346b36ac489322a SHA-256: f485ad7f24d0907970951fc0715fc3e65536eed68486b43461f9b5a793e77992
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains a fake CAPTCHA and a "Click here to download" lure, which are common social engineering tactics to trick users into executing malicious content. It also embeds a URL that leads to a "robux hack generator", further indicating a scam or malware distribution attempt. No scripts were extracted, but the embedded URL is the primary indicator of malicious intent.

Machine Learning

  • Nyx PDF Classifier clean score 0.0128

Heuristics 5

  • Fake CAPTCHA / human verification prompt high SE_FAKE_CAPTCHA
    Document displays a fake CAPTCHA or human-verification prompt — used to trick users into running commands or pressing keyboard shortcuts
  • Browser extension / update installation lure high SE_BROWSER_INSTALL_LURE
    Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://netcdn.xyz/app/431946152/robux-hack-generator-game-hack
    • http://en.wikipedia.org/wiki/MIT_License

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00003240.bin
d93e0047713e7b29145e46d70265063c0d6d72f186c2ddff2ff460af6b85a7de		 pdf-font-stream PDF embedded font (sfnt) at offset 0x3240 25656 bytes
font_01_sfnt_off00006d2c.bin
450e3ee45915afe13702bf1d587eb8b9ad88a8d2113419ac9f2fd116a828e139		 pdf-font-stream PDF embedded font (sfnt) at offset 0x6D2C 5696 bytes
font_02_sfnt_off00007a3d.bin
f5433ce3dc9930d213a8e7315569ee207b9df6dd56817c97a1fb358bc14a6a3b		 pdf-font-stream PDF embedded font (sfnt) at offset 0x7A3D 18352 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.