PDF static analysis report

Static analysis result for SHA-256 0bca51c908771902…

SUSPICIOUS

PDF

59.7 KB Created: 2021-04-06 02:13:42 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-27
MD5: 5db6d631284b8a024854b696b01dc8c6 SHA-1: 1b0bf0b5e6cbbd4cc8b914f3359edb7052d54cfc SHA-256: 0bca51c9087719025a4e75ce388fdc9362dca98ab02d6ca77df0e401dcf64275
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a lure related to 'Free Robux' and includes an external URI pointing to a website that also promises free Robux. The ML classifier flagged this PDF as malicious, and the presence of multiple embedded URLs suggests an attempt to redirect users to potentially harmful sites. While no scripts were explicitly extracted, the PDF structure and embedded URLs indicate a phishing or scam attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/9-legit-ways-to-get-free-robux PDF link annotation
    • http://www.pro-futuro.eu/images/set-roblox-hack.pdfIn PDF document text
    • http://www.visiblefilm.com/images/wahoo-gaming-co-free-robux-generator.pdfIn PDF document text
    • https://reggieslockandkey.com/images/free-roblox-doge-hat.pdfIn PDF document text
    • http://agrao.in/images/roblox-robux-quick-easy-cheat.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/irobux-fun-free-robux.pdfIn PDF document text
    • http://parkinsononline.com/images/how-to-get-roblox-gift-cards-for-free.pdfIn PDF document text
    • https://estalagemmonteverde.com.br/images/get-free-catalog-roblox.pdfIn PDF document text
    • http://mydevice.com.au/images/roblox-money-cheat-no-survey.pdfIn PDF document text
    • http://www.mjclautrec.fr/images/protosmasher-roblox-free-download.pdfIn PDF document text
    • https://semanasantacehegin.com/images/how-to-get-2021-robux-on-roblox-free-2021.pdfIn PDF document text
    • http://baah.ca/images/free-roblox-admin-codes.pdfIn PDF document text
    • http://www.mjclautrec.fr/images/roblox-avatar-skins-for-free.pdfIn PDF document text
    • http://spstrading-th.com/images/roblox-hack-ulimited-robux.pdfIn PDF document text
    • http://www.lascalamilanowallcovering.it/images/comment-hacker-le-jeux-roblox-sur-buku-no-roblox.pdfIn PDF document text
    • http://modenese.net/images/roblox-btools-hack.pdfIn PDF document text
    • http://ivalor.fr/images/free-animation-2021-roblox.pdfIn PDF document text
    • http://sealysports.com/images/how-to-hack-someones-roblox-account-with-cheat-engine.pdfIn PDF document text
    • https://hassel-event.de/images/denisdaily-free-robux-website.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/nathorix-free-robux.pdfIn PDF document text
    • http://www.mikramarine.gr/images/hacks-para-roblox-2021-descargar.pdfIn PDF document text
    • http://76remont-kvartir.ru/images/free-redem-code-roblox.pdfIn PDF document text
    • http://apkmaykop.ru/images/get-free-robux-gg.pdfIn PDF document text
    • https://www.dierenartsberghman.be/images/how-to-fly-on-roblox-hack.pdfIn PDF document text
    • http://axia-verlag.at/images/roblox-how-to-get-free-stylish-animation.pdfIn PDF document text
    • http://uptodate.az/images/gaming-cheats-com-robux.pdfIn PDF document text
    • https://sitam.co.in/images/cute-free-outfits-on-roblox.pdfIn PDF document text
    • https://www.lomrad.go.th/images/robloxs-got-talent-painting-hack.pdfIn PDF document text
    • http://mechanism.gr/images/roblox-how-to-get-free-clothes-without-bc.pdfIn PDF document text
    • http://codicicolori.com/images/roblox-2021-hack.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/hack-of-2021-roblox.pdfIn PDF document text
    • http://julo-it.net/images/hack-robux-2021-no-human-verification.pdfIn PDF document text
    • http://androidthai.in.th/images/roblox-vehicle-tycoon-hack.pdfIn PDF document text
    • http://giolantapepe.gr/images/get-robux-free-button.pdfIn PDF document text
    • http://www.eaapiaria.es/images/robux-gainer-hack.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/free-roblox-script-execuiter-2021.pdfIn PDF document text
    • http://lichtdrukkerijwijchen.nl/images/how-to-hack-roblox-experiment-lab.pdfIn PDF document text
    • https://www.milewood.co.uk/images/all-2021-2021-free-roblox-items.pdfIn PDF document text
    • http://hydroconseil.com/images/roblox-woodcutter-simulator-cheats.pdfIn PDF document text
    • http://legitame.org/images/free-robux-com-generator.pdfIn PDF document text
    • https://ccej.lviv.ua/images/discord-king-of-queen-roblox-cheat.pdfIn PDF document text
    • http://nitetpl3.com/images/free-robux-no-survey-no-download-2021.pdfIn PDF document text
    • https://gabrieliassociati.com/images/guuuddinfo-roblox-online-hack-for-free.pdfIn PDF document text
    • https://gzog.pl/images/free-roblox-accounts-with-lifetime-obc-2021.pdfIn PDF document text
    • http://aiyta.com/images/hack-server-roblox-script.pdfIn PDF document text
    • http://ohsawamacrobiotics.com/images/free-cute-roblox-tops.pdfIn PDF document text
    • http://ilifemarket.ru/images/https-rbxcity-com-free-robux.pdfIn PDF document text
    • http://gestibrok.com/images/roblox-terminal-railway-admin-train-cheat.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/1-1-1-1-roblox-hacker.pdfIn PDF document text
    • http://energyline.co/images/free-imits-in-catolg-in-roblox.pdfIn PDF document text
    +11 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008087.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8087 24980 bytes
SHA-256: cf749fe5008248ad06db21aafc9422c2383cff2a6a0a80a79276f6f87a0f010c
font_01_sfnt_off0000ba4a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBA4A 2832 bytes
SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2
font_02_sfnt_off0000c3fa.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC3FA 18720 bytes
SHA-256: 6206d3d36840da48161456fd0a22b887a6dedb37fffea8f4d01949ec609c5c02