PDF static analysis report

Static analysis result for SHA-256 0b7fd1f56e78bb6a…

SUSPICIOUS

PDF

Size: 34.5 KB
Created: 2021-07-02 01:56:19 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 0ef2f5d14b99f57489247fb2aa514b0a SHA-1: 177c1ec8f1bc67bce05ebdf65ee13d7adb7c9c27 SHA-256: 0b7fd1f56e78bb6a16ae6451d7b68b58e07fcf204d91695ab7a8af1b27ac51a7
Risk score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document is a lure built around free in-game items (Roblox "free Robux", promo-code, hack and generator themes). Its single link annotation (the PDF_URI finding) points to http://netcdn.co/app/431946152/how-to-get-free-hats-robloxs-game-hack, which the analysis flags as likely hosting a payload; the numeric segment 431946152 matches the _GM431946152 suffix on most of the other URLs. Those other URLs occur only as body text and point to similarly named PDFs under a library repository path on a .ac.id domain, which is consistent with a mass-generated set of lure documents rather than a single hand-built file. The producer string (wkhtmltopdf 0.12.6) shows the PDF was rendered from HTML. The Nyx classifier scores it 0.998 malicious. No JavaScript or other active content was extracted, so the file is not itself an exploit; the risk is that its theme and call-to-action persuade the user to follow the link and download and run whatever is served there.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics 3

  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • PDF_URI (info): External URI action
    PDF contains an external URL action
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://netcdn.co/app/431946152/how-to-get-free-hats-robloxs-game-hack (PDF link annotation)
    • https://library.stikeswnpalu.ac.id/repository/coin-master-hack-cheat-generator-d_GM406889139.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/orewards-com-free-robux_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/pastebin-robux-promocode-hack_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/free-robux-generator-2021-robux-hack-no-survey-updated_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/minecraft-pe-hack-client-ios_GM479516143.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/how-to-hack-a-youtubers-roblox-account_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/free-robux-ad-banner_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/get-free-followers-on-tiktok_GM835599320.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/hack-web-tools-roblox_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/how-to-get-free-face-in-roblox-2021_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/roblox-phantom-forces-money-hack-2021_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/roblox-free-accessories_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/ex7-roblox-free_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/free-promo-codes-for-roblox-2021-not-expired-robux_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/changee-roblox-username-for-free_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/free-robux-no-human-verification-or-survey-2021_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/roblox-app-cheats_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/roblox-working-robux-hack_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/how-to-get-roblox-premium-for-free_GM431946152.pdf (in PDF document text)
    • https://library.stikeswnpalu.ac.id/repository/roblox-free-virtual-item-codes_GM431946152.pdf (in PDF document text)
    • http://en.wikipedia.org/wiki/MIT_License (in PDF document text)
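The per-URL channel labels above (link annotation versus document text) and the SE_DOWNLOAD_BUTTON / PDF_URI pairing are the kind of logic a triage script reproduces. The following is an added example, not code from the report or its analysis engine: it scans a PDF object by object, records /URI action targets as "link annotation" and URLs typed out in content-stream text as "document text", looks for download call-to-action phrases, and only raises "suspicious" when the phrase is paired with a clickable external action. The embedded SAMPLE_PDF is a constructed two-URL test file using example.invalid hostnames, not the analysed sample; the hypothetical functions extract_urls, call_to_action_hits and triage are this example's own.

```python
from __future__ import annotations

import hashlib
import re
import zlib
from collections import defaultdict

# Constructed, uncompressed test PDF (not the analysed sample). Object 5 is a
# /Link annotation with a /URI action; object 4 is the page content stream,
# whose literal text operands carry a second URL and a download call-to-action.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >>
endobj
4 0 obj
<< /Length 117 >>
stream
BT /F1 12 Tf 72 700 Td (Click here to download) Tj
0 -20 Td (https://repo.example.invalid/free-items_GM000.pdf) Tj ET
endstream
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /Rect [72 690 300 710]
   /A << /S /URI /URI (http://cdn.example.invalid/app/000/lure) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\s*(.*?)\s*endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\s*endstream", re.S)
# Literal PDF strings; balanced unescaped parentheses and hex strings are not handled.
PDF_STR_RE = re.compile(rb"\(((?:\\.|[^\\)])*)\)", re.S)
URI_ACTION_RE = re.compile(rb"/S\s*/URI\b")
URI_VALUE_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
URL_RE = re.compile(r"https?://[^\s()<>\"']+")
CTA_PHRASES = ("click here to download", "download now", "download here")


def _unescape(s: bytes) -> str:
    """Drop the backslash from PDF string escapes; octal escapes are not expanded."""
    return re.sub(rb"\\(.)", rb"\1", s).decode("latin-1")


def _stream_data(body: bytes) -> bytes | None:
    """Return an object's stream payload, inflating it when the dict says /FlateDecode."""
    m = STREAM_RE.search(body)
    if not m:
        return None
    data = m.group(1)
    if re.search(rb"/FlateDecode\b", body[: m.start()]):
        try:
            data = zlib.decompress(data)
        except zlib.error:
            return None
    return data


def _stream_text(body: bytes) -> str:
    """Concatenate the literal string operands of a content stream."""
    data = _stream_data(body)
    if data is None:
        return ""
    return " ".join(_unescape(s) for s in PDF_STR_RE.findall(data))


def extract_urls(pdf: bytes) -> dict[str, set[str]]:
    """Map each URL to the channel(s) that reached it, mirroring the report's labels."""
    found: dict[str, set[str]] = defaultdict(set)
    for m in OBJ_RE.finditer(pdf):
        body = m.group(2)
        # Channel 1: /URI actions (link annotations, OpenAction, outline items).
        if URI_ACTION_RE.search(body):
            for raw in URI_VALUE_RE.findall(body):
                found[_unescape(raw)].add("link annotation")
        # Channel 2: URLs typed out as text in a content stream.
        for url in URL_RE.findall(_stream_text(body)):
            found[url].add("document text")
    return dict(found)


def call_to_action_hits(pdf: bytes) -> list[str]:
    """SE_DOWNLOAD_BUTTON-style check: download phrases in the rendered text."""
    text = " ".join(_stream_text(m.group(2)) for m in OBJ_RE.finditer(pdf)).lower()
    return [p for p in CTA_PHRASES if p in text]


def triage(pdf: bytes) -> dict:
    urls = extract_urls(pdf)
    cta = call_to_action_hits(pdf)
    clickable = any("link annotation" in chans for chans in urls.values())
    return {
        "sha256": hashlib.sha256(pdf).hexdigest(),
        "urls": urls,
        "call_to_action": cta,
        # The download phrase is low-signal alone; only treat the file as a lure
        # when it is paired with a clickable external action.
        "suspicious": bool(cta) and clickable,
    }


if __name__ == "__main__":
    for url, channels in triage(SAMPLE_PDF)["urls"].items():
        print(f"{url}  <- {', '.join(sorted(channels))}")
```

Two caveats for real files such as this wkhtmltopdf output: content streams are normally FlateDecode-compressed (handled above), and text is often drawn with subset fonts whose strings are glyph codes rather than ASCII, or split across several Tj operands, so a production extractor has to apply the font's encoding and ToUnicode map and reassemble runs before the URL regex will fire. The channel split still matters for triage: a URL in a /URI action is something the viewer will open on a click, whereas a URL in body text only works if the reader copies it or the viewer auto-links it.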

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00002e4e.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x2E4E
Size: 23040 bytes
SHA-256: b559c40cb8f4bfc0708b13c7ff38de4cab723ebbe52ac7809b86e0ad50398141

Filename: font_01_sfnt_off00006239.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x6239
Size: 18920 bytes
SHA-256: 34b759b3a611b604723812540a566961c1c8cc9f165a10fc3ab387b08a8a78b6