PDF static analysis report

Static analysis result for SHA-256 037e35f9075cc3f8…

SUSPICIOUS

PDF

Size: 29.2 KB
Created: 2021-07-19 12:06:21 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 132e0f9598a234771ba372e0fc155eb2
SHA-1: 44c115fe38f6a0756cb7237c68eb7d73b1ab1031
SHA-256: 037e35f9075cc3f8c20fe9d79b3a795e9146cd0a403b50b4094c32a1135c1b78
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document body and extracted URLs indicate a lure for free Robux, a popular online game currency. The embedded URLs likely lead to phishing pages or malware download sites. The ML classifier strongly flagged this PDF as malicious, supporting the suspicious nature of the content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9984

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://netcdn.tw/app/431946152/huskybucks.com-free-robux-game-hack (PDF link annotation)
    • http://energotestcontrol.ru/images/minecraft-java-free_GM479516143.pdf (in PDF document text)
    • http://energotestcontrol.ru/images/microsoft-free-robux_GM431946152.pdf (in PDF document text)
    • http://energotestcontrol.ru/images/how-to-get-free-followers-on-tiktok_GM835599320.pdf (in PDF document text)
    • http://energotestcontrol.ru/images/minecraft-windows-10-hacks_GM479516143.pdf (in PDF document text)
    • http://energotestcontrol.ru/images/free-robux-cards_GM431946152.pdf (in PDF document text)
    • http://energotestcontrol.ru/images/how-to-get-minecraft-for-free-on-pc_GM479516143.pdf (in PDF document text)
    • http://energotestcontrol.ru/images/free-robux-no-human-verification-or-survey-2021_GM431946152.pdf (in PDF document text)
    • http://energotestcontrol.ru/images/free-robux-no-verify_GM431946152.pdf (in PDF document text)
    • http://energotestcontrol.ru/images/how-to-get-free-robux-no-verification_GM431946152.pdf (in PDF document text)
    • http://energotestcontrol.ru/images/how-to-hack-into-someones-roblox-account_GM431946152.pdf (in PDF document text)
    • http://en.wikipedia.org/wiki/MIT_License (in PDF document text)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00002919.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x2919
Size: 22872 bytes
SHA-256: c07d5121d9e965ea264524f546b55e95d07fd410d03eefca8dcf1483a45ef0f6