PDF static analysis report

Static analysis result for SHA-256 0fa273c29373e8ee…

SUSPICIOUS

PDF

60.2 KB Created: 2021-04-06 00:29:55 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-05
MD5: 5540bd1d64499fea1988117b75b9e17b SHA-1: d0fcca2522d076086becb5b67a2bf011a5345178 SHA-256: 0fa273c29373e8eee39ceec66a10a46bddfe6ba83cea9f4f6478d546965a218b
50 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document contains a prominent link to a "Robux Hack Website" and uses urgency language, suggesting a phishing or scam lure. While no scripts were directly extracted, the PDF structure and embedded URIs indicate an attempt to redirect the user to a malicious site. The ML classifier also flagged the PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 4

  • Urgency / deadline lure low SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/robux-hack-website PDF link annotation
    • https://www.audev.com/images/trigon-roblox-cheat.pdfIn PDF document text
    • https://gastroration.ru/images/roblox-prison-life-hack-2021.pdfIn PDF document text
    • http://arcnjournals.org/images/how-to-ban-people-in-roblox-hack-2021.pdfIn PDF document text
    • http://gruporamos.do/images/how-to-affect-the-server-roblox-hacks.pdfIn PDF document text
    • http://pandaplast.com/images/hack-para-booga-booga-roblox-2021.pdfIn PDF document text
    • http://hemmet-strand.dk/images/free-robux-jesse-tc.pdfIn PDF document text
    • http://hondenspecialist-engelien.nl/images/free-roblox-black.pdfIn PDF document text
    • https://www.foodsafety.cz/images/roblox-xxtrefetrxx-is-hacking.pdfIn PDF document text
    • https://newenglandafs.com/images/free-online-coding-courses-for-kids-roblox.pdfIn PDF document text
    • https://cdu-lengerich.de/images/roblox-jailbreak-keycard-cheat.pdfIn PDF document text
    • https://digitalsenseafrica.com.ng/images/girl-clothes-roblox-free.pdfIn PDF document text
    • http://sb2m.com.br/images/smiling-girl-roblox-free.pdfIn PDF document text
    • https://www.audev.com/images/roblox-games-free-online-games.pdfIn PDF document text
    • http://clubpure.org/images/roblox-cool-skin-free.pdfIn PDF document text
    • https://kimolos-link.gr/images/roblox-royale-high-hack-2021.pdfIn PDF document text
    • https://domoticaaplicada.com/images/how-to-hack-a-roblox-account-with-brutus.pdfIn PDF document text
    • https://www.romedia.gr/images/free-lvl-7-roblox.pdfIn PDF document text
    • https://eleganceautospa.ca/images/instalar-hack-btools-roblox.pdfIn PDF document text
    • http://heddalboring.no/images/yarxvin-roblox-hacks.pdfIn PDF document text
    • http://www.actae.gr/images/roblox-lumber-tycoon-2-hack-windows-6.pdfIn PDF document text
    • https://www.fenews.co.uk/images/roblox-legendary-football-vip-server-free-2021.pdfIn PDF document text
    • http://bvmg.nl/images/codes-for-skyscraper-tycoon-roblox-that-give-free-money.pdfIn PDF document text
    • http://www.vktzunami.cz/images/dlls-for-roblox-hacks.pdfIn PDF document text
    • http://www.drent.se/images/a-lot-of-free-robux.pdfIn PDF document text
    • https://ballaratcaravans.com.au/images/free-pants-roblox-catalog.pdfIn PDF document text
    • http://rainbowbuddha.academy/images/google-how-to-get-robux-for-free.pdfIn PDF document text
    • http://bunadsmaria.com/images/how-to-hack-into-a-roblox-account-2021.pdfIn PDF document text
    • https://www.ghknights.org/images/dbz-final-stand-roblox-hack.pdfIn PDF document text
    • http://erntefest2016.de/images/chocolateexe-hack-roblox.pdfIn PDF document text
    • http://escolaarboc.cat/images/how-to-get-robux-by-hacking.pdfIn PDF document text
    • https://www.seeingindependence.org/images/roblox-emotes-free-link.pdfIn PDF document text
    • http://www.sapaengineering.kz/images/get-20-free-robux.pdfIn PDF document text
    • http://legs11.co.za/images/gfun-games-to-hack-on-roblox.pdfIn PDF document text
    • https://bdsm-centrum.com/images/how-to-get-unlimited-free-robux-on-roblox-2021-1.pdfIn PDF document text
    • https://www.osoc.com/images/critical-strike-hack-roblox.pdfIn PDF document text
    • http://aadvanderklaauw.nl/images/how-to-get-free-robux-in-games.pdfIn PDF document text
    • http://ukrainiansofbuffalo.com/images/3-ways-to-get-free-robux.pdfIn PDF document text
    • http://wiesbadener-marktplatz.de/images/does-cheat-engine-work-on-roblox-2021.pdfIn PDF document text
    • http://dermaceutic.co.uk/images/how-to-get-free-clothes-on-roblox-2021-no-bc.pdfIn PDF document text
    • http://kids-academy.pl/images/roblox-injector-hack-2021.pdfIn PDF document text
    • http://getthelook-bkk.com/images/get-free-robux-on-android-2021.pdfIn PDF document text
    • http://www.remiauclair.fr/images/candy-ice-cream-simulator-roblox-script-hack.pdfIn PDF document text
    • http://bluediffusion.it/images/nuebo-hack-de-robux-atualizasion.pdfIn PDF document text
    • http://medinup.pt/images/free-walking-animation-roblox.pdfIn PDF document text
    • http://urezerv.com/images/admin-free-robux.pdfIn PDF document text
    • http://butkimloai.com/images/where-to-enter-free-robux-codes.pdfIn PDF document text
    • http://cmme.it/images/hack-roblox-flood-escape-2.pdfIn PDF document text
    • https://www.alu-as.cz/images/free-robux-hacl.pdfIn PDF document text
    • https://www.saisystem.it/images/how-to-hack-roblox-assassin-2021.pdfIn PDF document text
    +14 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008118.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8118 26380 bytes
SHA-256: 6676cb273ca23c7c2c63ae7234d677658a8dda66acbf4da6a1435d8daed38aaa
font_01_sfnt_off0000bcec.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBCEC 3312 bytes
SHA-256: 40bd8eebcb3a0d68a8646f1930e84f30a44bfa48525263c6c528f0bc1e9c1677
font_02_sfnt_off0000c83b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC83B 18076 bytes
SHA-256: 47ecfb47fdd3d0aade33adde8a7bd8c6522d2168ab64e1fb3f3b5ebf0af79028