PDF static analysis report

Static analysis result for SHA-256 1b264e39874848de…

SUSPICIOUS

PDF

59.5 KB Created: 2021-04-05 19:38:30 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-27
MD5: bffb06a8da8f40ff2480acad2f1b278b SHA-1: 314f686b8b42bb3a1eb79f9611dfbf4e60d4adcb SHA-256: 1b264e39874848de31b8fca8ea46aef017a45977c57756476609eeacb6bec126
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous URLs, many of which are related to 'Roblox hacks' or 'free Robux', suggesting a social engineering lure. The presence of an external URI heuristic firing on 'http://gaminggenerator.org/app/431946152/hack-inventary-roblox' further supports this. While no scripts were explicitly extracted, the ML classifier flagged the PDF as malicious, indicating a high likelihood of malicious intent, likely to trick users into downloading a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/hack-inventary-roblox PDF link annotation
    • http://bau-lk.de/images/free-robux-growbuxnet.pdfIn PDF document text
    • https://reggieslockandkey.com/images/roblox-password-cracker-free-download.pdfIn PDF document text
    • http://kruiz21.ru/images/roblox-scp-site-61-hack.pdfIn PDF document text
    • http://webstan.be/images/roblox-thomas-wooden-railway-free-demo.pdfIn PDF document text
    • http://legs11.co.za/images/unpatchable-robux-hack-robuxian-website.pdfIn PDF document text
    • https://www.cnte.org.br/images/how-to-get-roblox-codes-for-free.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/cheats-for-meep-city-roblox.pdfIn PDF document text
    • https://www.beaufortcollege.ie/images/gift-card-free-online-roblox.pdfIn PDF document text
    • https://pagadder.com/images/eviction-notice-roblox-hack.pdfIn PDF document text
    • http://canadatowers.com/images/roblox-real-hack-robux.pdfIn PDF document text
    • https://corbo.ru/images/roblox-robux-hack-android.pdfIn PDF document text
    • https://reggieslockandkey.com/images/how-to-get-free-robux-fast-and-easy-2.pdfIn PDF document text
    • https://gigbagwinkel.nl/images/is-it-possible-to-hack-robux.pdfIn PDF document text
    • https://www.udivadlahotel.cz/images/how-to-get-free-things-from-the-catalog-on-roblox.pdfIn PDF document text
    • http://tecnodue.com/images/codes-to-get-free-vip-in-roblox.pdfIn PDF document text
    • https://www.wildpark-johannismuehle.de/images/shirt-ash-on-roblox-free-on-shirt.pdfIn PDF document text
    • http://fsgtoday.com/images/how-to-hack-accounts-on-roblox-and-no-logout.pdfIn PDF document text
    • https://technospektr.com.ua/images/cheats-in-wolves-life-3-roblox.pdfIn PDF document text
    • http://www.eaapiaria.es/images/roblox-new-shoot-through-walls-hack.pdfIn PDF document text
    • http://www.fanciullovito.it/images/how-to-get-free-robux-guava-juice.pdfIn PDF document text
    • http://www.homesweethome.pl/images/god-hack-on-roblox-with-check-cashed.pdfIn PDF document text
    • https://wandersuechtig.de/images/how-to-execute-my-hack-scripts-in-roblox.pdfIn PDF document text
    • http://loszavera.com/images/hjow-to-get-free-robux.pdfIn PDF document text
    • http://shahriyarclimb.com/images/roblox-free-100k-robux.pdfIn PDF document text
    • https://pemadamapi.net/images/pain-exist-hack-roblox.pdfIn PDF document text
    • https://stroyzakazremont.ru/images/free-roblox-codes-2021-may.pdfIn PDF document text
    • http://biccairo.com/images/game-freak-free-robux.pdfIn PDF document text
    • http://reisebild.eu/images/did-biggy-get-robux-free-norris-nuts.pdfIn PDF document text
    • http://kfz-ilg.com/images/how-to-hack-someone-on-roblox-vermillion.pdfIn PDF document text
    • http://apkmaykop.ru/images/cheat-engine-that-works-for-roblox.pdfIn PDF document text
    • http://nevesomost.by/images/cheat-code-for-zoo-tycoon-money-roblox.pdfIn PDF document text
    • http://eliteprofkosmetik.com.ua/images/how-to-get-free-robux-without-hacking-2021.pdfIn PDF document text
    • http://zarinnameh.ir/images/cheat-engine-roblox-this-game-has-shut-down.pdfIn PDF document text
    • http://sexythings.gr/images/better-generator-free-robux.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/how-to-hack-stats-on-roblox.pdfIn PDF document text
    • https://www.coriglianocalabro.it/images/how-to-hack-anyones-account-on-roblox-2021.pdfIn PDF document text
    • http://bassacctaxservices.com/images/roblox-jailbreak-airdrop-spawn-hack.pdfIn PDF document text
    • http://grupodin.com.br/images/roblox-sex-cheat.pdfIn PDF document text
    • http://seniorenverband-brh-nds.de/images/roblox-reason-2-die-money-hack.pdfIn PDF document text
    • https://www.hbproducts.dk/images/free-gear-on-the-roblox-catalog.pdfIn PDF document text
    • https://semanasantacehegin.com/images/how-to-get-free-robux-sign-up.pdfIn PDF document text
    • http://arcnjournals.org/images/how-do-i-hack-into-someones-roblox-account.pdfIn PDF document text
    • https://laconce.com/images/dll-dor-roblox-hacks.pdfIn PDF document text
    • https://www.saisystem.it/images/how-to-use-inspect-element-to-hack-roblox-2021.pdfIn PDF document text
    • https://www.lavigny.ch/images/cool-exploits-for-roblox-totaly-safe-and-free.pdfIn PDF document text
    • http://www.maakherumusic.net/images/diamond-roblox-hack.pdfIn PDF document text
    • http://www.htc.edu.au/images/free-roblox-card-pins-2021.pdfIn PDF document text
    • http://swibome.nl/images/roblox-vip-server-jailbreak-free.pdfIn PDF document text
    • http://www.mjclautrec.fr/images/free-livr-emerald-giveaways-roblox-direct.pdfIn PDF document text
    +12 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008004.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8004 26120 bytes
SHA-256: a40ff97bdf2e63fb71cd5dc5e2404b9f3b0d89b5457f1099d79fdbeac21cd657
font_01_sfnt_off0000bb74.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBB74 2832 bytes
SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2
font_02_sfnt_off0000c524.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC524 18116 bytes
SHA-256: 0c5e5b5dd2829db37517afaf07a40d5f81d44b8693a503352717d6b51017f797