PDF static analysis report

Static analysis result for SHA-256 204d9b8ca227a3b9…

SUSPICIOUS

PDF

48.0 KB Created: 2021-04-02 21:17:05 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-16
MD5: 9b4387e09ef6de204460d41a08b34dd8 SHA-1: 576a1740225909c5d336ad7c2aca363b0c18dc63 SHA-256: 204d9b8ca227a3b9e051b3e5be3b4578d395b437370402c0560a48dd5a9f3647
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous URLs advertising cheats and hacks for Roblox, with a primary lure pointing to 'Hacking Simulator Roblox'. The ML classifier flagged this PDF as malicious with high confidence. While no scripts were explicitly extracted, the presence of embedded URLs and the document's theme suggest a phishing or malware distribution attempt, likely initiated via spearphishing attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8177

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/hacking-simulator-roblox PDF link annotation
    • http://nevesomost.by/images/free-robux-codes-livestream.pdfIn PDF document text
    • https://www.air-shop.cz/images/increible-hack-de-robux.pdfIn PDF document text
    • http://iluvlocalplaces.com/images/how-to-hack-robux-in-1-min.pdfIn PDF document text
    • https://pa-waingapu.go.id/images/free-assassin-roblox-coins.pdfIn PDF document text
    • http://cosver.eu/images/roblox-inspect-hack.pdfIn PDF document text
    • https://www.coriglianocalabro.it/images/roblox-apple-store-tycoon-free-money.pdfIn PDF document text
    • http://svp-steinmaur.ch/images/how-to-get-free-robux-surveys.pdfIn PDF document text
    • http://learningarabic.co.uk/images/how-to-hack-robux-with-cheat-engine-61.pdfIn PDF document text
    • http://sscclc.edu.ec/images/roblox-sonar-studios-dragon-adventures-cheats.pdfIn PDF document text
    • https://crank.ee/images/bhop-cheats-roblox.pdfIn PDF document text
    • http://www.evaplast.by/images/free-roblox-animation-codes.pdfIn PDF document text
    • http://pa-tanjungselor.go.id/images/hack-phantom-forces-roblox.pdfIn PDF document text
    • http://www.actae.gr/images/hack-passwords-roblox.pdfIn PDF document text
    • https://www.porthos.it/images/if-roblox-was-not-free-part-2.pdfIn PDF document text
    • https://crank.ee/images/free-robux-hack-ipad.pdfIn PDF document text
    • https://www.air-shop.cz/images/how-to-get-a-private-server-in-roblox-for-free.pdfIn PDF document text
    • http://www.htc.edu.au/images/free-robux-100-life-free-for-roblox.pdfIn PDF document text
    • http://www.malonmalon.com.ar/images/pastebin-hack-robux-free.pdfIn PDF document text
    • https://tokunfome.com.br/images/how-to-hack-roblox-accounts-2021-inspect.pdfIn PDF document text
    • https://www.cnte.org.br/images/free-robux-glitch-generator.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/roblox-muscle-shirt-free.pdfIn PDF document text
    • https://www.wildpark-johannismuehle.de/images/roblox-jailbreak-hack-2021-download.pdfIn PDF document text
    • http://www.ntc.edu.za/images/roblox-registration-right-way-up-cheats.pdfIn PDF document text
    • https://www.sitiwebjoomla.it/images/roblox-2021-1m-free-robux-give-away.pdfIn PDF document text
    • http://www.anies.eu/images/military-simulator-hack-roblox.pdfIn PDF document text
    • http://domaizdereva24.ru/images/free-abandoned-roblox-accounts.pdfIn PDF document text
    • https://www.beaufortcollege.ie/images/roblox-speed-click-hack.pdfIn PDF document text
    • https://accord.kiev.ua/images/roblox-mad-paintball-2-speed-hack.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/roblox-can-you-teach-me-how-to-hack.pdfIn PDF document text
    • http://www.kalaaliaraq.dk/images/how-to-hack-roblox-with-cheat-engine-67.pdfIn PDF document text
    • http://www.cuniv-naama.dz/images/free-pin-for-roblox-gift-card.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/case-clicker-hack-roblox-2021.pdfIn PDF document text
    • http://sscclc.edu.ec/images/how-to-get-free-robux-with-survey.pdfIn PDF document text
    • https://www.albisser.ch/images/roblox-cheat-codes-for-robux-and-tix-2021.pdfIn PDF document text
    • http://poltekkeskhjogja.ac.id/images/free-robux-2021-hack-pc.pdfIn PDF document text
    • https://www.hbproducts.dk/images/roblox-shinobi-life-cheats.pdfIn PDF document text
    • http://nosocomium.rv.ua/images/add-robux-for-free.pdfIn PDF document text
    • https://www.dierenartsberghman.be/images/free-promo-codes-roblox-july-2021.pdfIn PDF document text
    • http://www.hawler.in/images/free-robux-generator-lebansay.pdfIn PDF document text
    • http://uptodate.az/images/roblox-free-downoad.pdfIn PDF document text
    • https://www.romedia.gr/images/roblox-louie-vuitton-free.pdfIn PDF document text
    • https://www.iadh.bi/images/roblox-bubble-gum-rainbow-shock-free.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/free-robux-without-human-verification-or-survey-2021.pdfIn PDF document text
    • http://ff-obertraun.at/images/roblox-new-free-hair.pdfIn PDF document text
    • https://kimolos-link.gr/images/a-hack-for-robux.pdfIn PDF document text
    • https://www.wildpark-johannismuehle.de/images/free-admin-roblox-games.pdfIn PDF document text
    • http://nevesomost.by/images/roblox-granny-cheats.pdfIn PDF document text
    • https://amatq.ca/images/how-to-get-free-shirts-on-roblox-2021-without-bc.pdfIn PDF document text
    • http://www.evaplast.by/images/6x-xp-arc-of-forbidden-elements-hacks-for-roblox-script.pdfIn PDF document text
    +2 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off0000546d.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x546D 24836 bytes
SHA-256: b28c35a3c492b9ea12b40328b4782c4ddce98b2b0cd3c5b19c6fbeb01a19bb72
font_01_sfnt_off00008c8e.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8C8E 2868 bytes
SHA-256: 8aff7c8954f1c539c9759393059e9faec63f5819f4e6496b89c1eafbc2832653
font_02_sfnt_off00009671.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x9671 18500 bytes
SHA-256: 7397a6d87926c972fedfcb76800c2886c6b6bf5969ebc5ade625f59061a67144