PDF static analysis report

Static analysis result for SHA-256 11aa5878b132350a…

SUSPICIOUS

PDF

Size: 51.5 KB
Created: 2021-04-02 16:47:46 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-17
MD5: ab9a5d52b1b4eec06548221d0b908bfa
SHA-1: 672e71794b22ecd27b69f78c2b342c5df8954a82
SHA-256: 11aa5878b132350a107fac1b481ce72b253a0b005d3bcd50e1c911b46e111f6e
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple embedded URLs and a heuristic firing for an external URI, all pointing to websites related to 'Roblox hacks' and 'free Robux'. The document body also contains similar lures. This suggests a phishing or scam attempt designed to trick users into visiting malicious sites. No scripts were extracted, limiting the analysis of direct malicious execution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8382

Heuristics (3)

  • Visual download / call-to-action button lure (severity: low, id: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (severity: info, id: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, id: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/how-to-hack-roblox-bloxys-arcades (PDF link annotation)
    • https://accord.kiev.ua/images/roblox-hacker-2021.pdf (In PDF document text)
    • https://www.wildpark-johannismuehle.de/images/hmm-roblox-hacks.pdf (In PDF document text)
    • http://poltekkeskhjogja.ac.id/images/roblox-welcome-to-roblox-building-hack.pdf (In PDF document text)
    • https://pa-waingapu.go.id/images/free-robux-no-human-verifivation-no-survey.pdf (In PDF document text)
    • http://hemmet-strand.dk/images/ahmed-roblox-hack.pdf (In PDF document text)
    • http://www.sanjosedeminas.gob.ec/images/how-to-hack-somebody-on-roblox.pdf (In PDF document text)
    • http://www.torvet11.dk/images/free-promo-codes-roblox-2021-june.pdf (In PDF document text)
    • https://www.lomrad.go.th/images/youtube-roblox-hack-elemental-battle-ground.pdf (In PDF document text)
    • http://domaizdereva24.ru/images/roblox-instakill-npc-hack.pdf (In PDF document text)
    • https://estalagemmonteverde.com.br/images/assian-free-knife-code-roblox.pdf (In PDF document text)
    • https://www.foodsafety.cz/images/roblox-how-to-get-free-robux-without-hacks.pdf (In PDF document text)
    • https://www.sinaloadiario.mx/images/hack-roblox-net.pdf (In PDF document text)
    • https://sitam.co.in/images/roblox-free-stuff-in-catalog.pdf (In PDF document text)
    • https://www.air-shop.cz/images/fly-hack-for-roblox-2021.pdf (In PDF document text)
    • https://www.romedia.gr/images/free-robux-hack-ohne-telefonnummer.pdf (In PDF document text)
    • http://www.lionel-seppoloni.fr/images/cool-roblox-outfits-for-fre.pdf (In PDF document text)
    • http://www.fluidtech.hu/images/hacks-tools-roblox.pdf (In PDF document text)
    • http://www.fluidtech.hu/images/roblox-noob-vs-pro-vs-hacker-vs-glitcher.pdf (In PDF document text)
    • http://kids-academy.pl/images/scripts-for-free-robux.pdf (In PDF document text)
    • https://www.hbproducts.dk/images/free-roblox-shop.pdf (In PDF document text)
    • https://pa-waingapu.go.id/images/come-hack-my-account-youtube-roblox.pdf (In PDF document text)
    • https://esl.ipb.ac.id/images/bypass-chat-hack-roblox.pdf (In PDF document text)
    • http://www.vktzunami.cz/images/why-you-shouldnt-trust-free-robux-scams.pdf (In PDF document text)
    • https://verdensbarn.no/images/deadzone-roblox-hack.pdf (In PDF document text)
    • http://www.exikom.com.ua/images/roblox-hack-prision-life-2021.pdf (In PDF document text)
    • https://crank.ee/images/hacks-for-money-on-roblox.pdf (In PDF document text)
    • http://www.copoint.co.uk/images/roblox-dayz-cheat-codes-xbox-one.pdf (In PDF document text)
    • https://amatq.ca/images/script-how-to-get-free-robux.pdf (In PDF document text)
    • http://www.hawler.in/images/free-robux-generator-no-survey-or-download-2021.pdf (In PDF document text)
    • https://www.cnte.org.br/images/robux-for-free-no-scam.pdf (In PDF document text)
    • http://pa-tanjungselor.go.id/images/roblox-admin-hack-scropt.pdf (In PDF document text)
    • http://www.jureclomas.com.ar/images/are-there-any-free-items-in-the-store-for-roblox.pdf (In PDF document text)
    • http://www.actae.gr/images/how-to-report-being-hacked-on-roblox.pdf (In PDF document text)
    • https://gomsa.nl/images/number-glitch-free-robux.pdf (In PDF document text)
    • https://www.milewood.co.uk/images/custom-admin-roblox-hack.pdf (In PDF document text)
    • http://kids-academy.pl/images/wearedevs-roblox-exploits-and-hacks--cheats.pdf (In PDF document text)
    • http://kids-academy.pl/images/free-stuff-on-roblox-2021.pdf (In PDF document text)
    • http://salantiskis.lt/images/how-to-hack-roblox-experiment-lab.pdf (In PDF document text)
    • http://www.malonmalon.com.ar/images/cap-free-roblox.pdf (In PDF document text)
    • http://www.cosver.nl/images/how-to-hack-in-roblox-jailbreak-2021.pdf (In PDF document text)
    • https://www.romedia.gr/images/hack-roblox-rage.pdf (In PDF document text)
    • http://portal.crfsp.org.br/images/speed-hack-mac-roblox.pdf (In PDF document text)
    • http://poltekkeskhjogja.ac.id/images/how-to-get-robux-on-roblox-for-free-no-download.pdf (In PDF document text)
    • http://www.tamogatoweb.hu/images/free-jeff-the-killer-face-roblox.pdf (In PDF document text)
    • https://www.dierenartsberghman.be/images/how-to-get-free-robux-2021-no-verification.pdf (In PDF document text)
    • https://www.udivadlahotel.cz/images/roblox-hack-tk.pdf (In PDF document text)
    • https://www.sinaloadiario.mx/images/how-to-make-hacks-for-roblox.pdf (In PDF document text)
    • http://www.nielsen2u.dk/images/roblox-free-robux-may-2021-codes.pdf (In PDF document text)
    • http://www.mjclautrec.fr/images/cool-items-roblox-free-and-how-to-get-them.pdf (In PDF document text)
    +2 more URL(s)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off000059df.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x59DF | 27812 bytes
    SHA-256: fd7efac7e65d4d88383b5437aac43212899e8df0476425111f06d289ccb44b26
font_01_sfnt_off00009796.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9796 | 5696 bytes
    SHA-256: 450e3ee45915afe13702bf1d587eb8b9ad88a8d2113419ac9f2fd116a828e139
font_02_sfnt_off0000a4a7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA4A7 | 18264 bytes
    SHA-256: f0ff2c3e12094323740a8d11a4618fd14d4a1ffd4ce7906266ecc8d93a8e7692