SUSPICIOUS
Risk Score: 42
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The ML classifier and embedded URL heuristics indicate malicious intent. The document body contains multiple links to external sites, likely serving as a lure for users to download potentially harmful content. No scripts were extracted, but the presence of numerous suspicious URLs suggests a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.7726
Heuristics 3
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://netcdn.xyz/app/479516143/can-you-still-get-minecraft-windows-10-for-free-game-hack (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off0000500b.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x500B | 30432 bytes | 3b67a3a6f81e178dae0b607529bd11e0d41ea5429118b293e30bb586f372e038 |
| font_01_sfnt_off0000933b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x933B | 7996 bytes | da70a0fbdf24bf798f75a7eb2fab391b717f208e6c1e6d39bbb3063091c249cd |
| font_02_sfnt_off0000ac9d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAC9D | 4232 bytes | ab6320ab342704d2c5943abfba82ed4837bf2da871c91621741fd4cfd15c6ed5 |
| font_03_sfnt_off0000bb2a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBB2A | 18900 bytes | 034db505498ac8c8519d8237c8b18b5343e7da842d12f3a540d738a1fb4a7f0f |