PDF static analysis report

Static analysis result for SHA-256 06e6d82b51e36312…

SUSPICIOUS

PDF

58.7 KB Created: 2021-04-06 01:21:02 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: e372a1ce3a0bef6bddef6f3d0ade899a SHA-1: 1ffd3b3f241ef2f78b3bbd0ebc35467af72b278f SHA-256: 06e6d82b51e36312c6485e24e341df339e55377c98bafaa543c53e7fe73acc5a
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple embedded URLs, with one prominent URL pointing to a site offering 'free Robux' or 'item gratuit dans le catalogue Roblox hacker'. The ML classifier flagged this PDF as malicious, and the presence of external URIs and a visual download lure suggests a phishing or scam attempt. No scripts were extracted, but the overall structure and content indicate a social engineering tactic to redirect users to potentially harmful websites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/item-gratuit-dans-le-catalogue-roblox-hacker PDF link annotation
    • http://androidthai.in.th/images/how-to-get-free-avatar-animations-on-roblox.pdfIn PDF document text
    • http://ferienhaus-schmidl.at/images/how-to-get-free-builders-club-on-roblox-ipad.pdfIn PDF document text
    • http://www.teapotjewelry.com/images/free-robux-obby-working-2021.pdfIn PDF document text
    • https://www.inova-cuisine.fr/images/how-to-get-unlimited-free-robux-on-roblox-2021-1.pdfIn PDF document text
    • https://asesoriamss.com/images/roblox-unlimited-robux-cheat.pdfIn PDF document text
    • http://brusivojimi.com/images/hacked-via-roblox.pdfIn PDF document text
    • http://www.zdravazena.sk/images/free-online-photo-shop-for-roblox.pdfIn PDF document text
    • http://www.colma.it/images/roblox-hack-rs-2021.pdfIn PDF document text
    • https://bancroftandsons.com/images/how-do-u-hack-into-bases-on-sharpshooter-roblox.pdfIn PDF document text
    • https://www.air-shop.cz/images/free-robux-hack-copy-and-paste.pdfIn PDF document text
    • http://jdleducation.com/images/free-avatar-in-roblox-2021.pdfIn PDF document text
    • http://almacargo.com/images/free-summer-grl-free-roblox-skins.pdfIn PDF document text
    • http://autismoalbacete.org/images/how-to-get-hacked-account-back-in-roblox.pdfIn PDF document text
    • http://avocatultau.eu/images/creepy-hacker-roblox-face.pdfIn PDF document text
    • http://www.drent.se/images/free-gamepasses-roblox-v3rm.pdfIn PDF document text
    • http://posterprintshop.nl/images/free-item-roblox-pastebin.pdfIn PDF document text
    • http://www.anies.eu/images/how-to-script-hack-roblox.pdfIn PDF document text
    • http://www.brtes.com/images/robuxkingz-ml-free-robux.pdfIn PDF document text
    • http://www.lionel-seppoloni.fr/images/free-robux-services.pdfIn PDF document text
    • https://arcasict.nl/images/robux-hack-joining-groups.pdfIn PDF document text
    • http://cmfd.nl/images/youtube-roblox-cheat-engine-arcane-adventures.pdfIn PDF document text
    • http://mebliok.com.ua/images/how-to-get-promo-codes-robux-free.pdfIn PDF document text
    • http://www.guidaturisticaverona.it/images/bloxburg-roblox-free-money.pdfIn PDF document text
    • http://lechia-sedziszow.pl/images/how-to-get-free-robux-without-hacking-2021.pdfIn PDF document text
    • http://shootawayproduction.com/images/boku-no-roblox-hack-legendary-quirks.pdfIn PDF document text
    • https://www.eglihotel.gr/images/free-robux-codes-2021-no-survey.pdfIn PDF document text
    • http://www.e-lysis.com/images/roblox-dll-hack-352021.pdfIn PDF document text
    • http://solidkom.ch/images/how-to-hack-roblox-accounts-with-edit-this-cookie-2021.pdfIn PDF document text
    • http://ottawavalleykitchens.ca/images/how-to-get-free-items-in-roblox-no-pastebin.pdfIn PDF document text
    • http://seniornetwanganui.org.nz/images/free-robux-promo.pdfIn PDF document text
    • https://bgescc.com/images/earn-free-robux-robloxwin.pdfIn PDF document text
    • http://leigraphics.com/images/username-and-password-roblox-free.pdfIn PDF document text
    • http://vedrachemicals.ro/images/how-to-hack-in-robux-ez.pdfIn PDF document text
    • http://bwharrisalumniusa.org/images/free-robux-v3rmillion.pdfIn PDF document text
    • http://boliviagasenergia.com/images/teleport-roblox-jilbreak-hack.pdfIn PDF document text
    • http://nalmpantistractors.gr/images/roblox-vehicle-simulator-money-hack-2021.pdfIn PDF document text
    • http://batterikungen.se/images/how-to-complete-a-survey-to-get-free-robux.pdfIn PDF document text
    • http://ce-tsv-nantes.fr/images/cheat-roblox-vehicle-simulator.pdfIn PDF document text
    • http://a1scan3d.com/images/free-robux-generator-2021-no-survey-or-human-verification.pdfIn PDF document text
    • https://gabrieliassociati.com/images/how-to-hack-roblox-using-dll.pdfIn PDF document text
    • http://legs11.co.za/images/roblox-free-robux-glitch-2021.pdfIn PDF document text
    • https://www.ferienhausdirektkroatien.de/images/free-robux-promo-codes-2021-not-expired.pdfIn PDF document text
    • http://shahriyarclimb.com/images/roblox-god-mode-hack.pdfIn PDF document text
    • http://cosver.eu/images/roblox-hack-working-2021.pdfIn PDF document text
    • http://www.cosver.nl/images/roblox-dick-hack.pdfIn PDF document text
    • http://pizzeria-rosso.pl/images/how-to-be-hacker-on-roblox.pdfIn PDF document text
    • http://www.lycee-langevin-wallon.com/images/car-dealership-tycoon-roblox-hack-script-inf-money.pdfIn PDF document text
    • https://www.hotel-forsthaus.com/images/roblox-hacks-2021-level-7.pdfIn PDF document text
    • http://ernstgloves.co.il/images/games-on-roblox-that-will-give-u-free-hat-youtubecom.pdfIn PDF document text
    +15 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off0000823c.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x823C 27512 bytes
SHA-256: 232602df7b316719c7e7c194317d75e6655b743d890b96da6f91c6b031d140cd
font_01_sfnt_off0000bff7.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBFF7 18988 bytes
SHA-256: 0374f78dfc0aa150e10478958cb35b3debc89fe76cc67c88963e46f91374a7db