PDF static analysis report

Static analysis result for SHA-256 22d57783ed88c100…

SUSPICIOUS

PDF

Size: 58.2 KB
Created: 2021-04-05 21:40:36 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-29
MD5: a4e373fca7b7270a78e39d62aaf4fc53
SHA-1: 31428dbbf115ebbd7d8eabf64e6c4fbe74dac195
SHA-256: 22d57783ed88c100b80fe7b86f1d77fb4db93f981420bf5c688c9b7665ecccf7
Risk Score: 50

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. It uses an urgency-based lure. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics (4)

  • Urgency / deadline lure low SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/but-link-says-free-robux-walter (PDF link annotation)
    • https://meltonschool.org/images/roblox-free-accounts-may-2021.pdf (in PDF document text)
    • http://j-cook.pro/images/yt-comment-hack-roblox.pdf (in PDF document text)
    • http://abletrustcare.com/images/free-robux-generator-download-2021.pdf (in PDF document text)
    • http://stitchingart.com/images/free-robux-game-that-showed-on-roblox.pdf (in PDF document text)
    • http://dottgagliardi.com/images/syntetisia-roblox-hack.pdf (in PDF document text)
    • http://www.bbnest.it/images/how-to-hack-roblox-pc-2021.pdf (in PDF document text)
    • http://kruiz21.ru/images/how-can-i-free-robux-on-roblox-games.pdf (in PDF document text)
    • https://uofk.edu/images/robux-free-card-codes-2021.pdf (in PDF document text)
    • http://serviio.org/images/how-to-recove-hacked-account-roblox.pdf (in PDF document text)
    • https://www.fhccu.com/images/roblox-outfits-free.pdf (in PDF document text)
    • http://salantiskis.lt/images/best-roblox-games-to-hack-on.pdf (in PDF document text)
    • http://www.agri-tech.com.au/images/admin-hack-roblox-2021.pdf (in PDF document text)
    • http://www.isril.it/images/2021-roblox-accounts-free.pdf (in PDF document text)
    • http://www.remiauclair.fr/images/how-to-get-free-robux-on-a-ipad-2021.pdf (in PDF document text)
    • https://roberto-gac.com/images/how-to-get-free-robux-hack-generator.pdf (in PDF document text)
    • http://kulturhusbabberich.nl/images/earn-free-robux-hack.pdf (in PDF document text)
    • http://www.brtes.com/images/how-to-get-free-robux-n-roblox.pdf (in PDF document text)
    • https://www.beaufortcollege.ie/images/odyssey-roblox-hacks.pdf (in PDF document text)
    • https://tokunfome.com.br/images/roblox-currency-hack-lua-script.pdf (in PDF document text)
    • http://asiashop-france.fr/images/nico-hacker-2-parte-de-roblox.pdf (in PDF document text)
    • https://www.elevage-chiot.fr/images/how-to-get-free-robux-and-free-catalog.pdf (in PDF document text)
    • http://kcpb51.ru/images/free-roblox-admin-comand.pdf (in PDF document text)
    • http://evro-okna.net/images/roblox-10-dollar-gift-card-free.pdf (in PDF document text)
    • https://farmaciadelbivio.it/images/hacks-para-jailbreak-roblox-2021.pdf (in PDF document text)
    • http://garrisonjazz.com/images/how-to-get-free-clothes-on-roblox-without-creating.pdf (in PDF document text)
    • http://unionmusicaldebenidorm.com/images/free-roblox-dll-injector.pdf (in PDF document text)
    • http://indotec.fr/images/hack-robux-site-robloxcom.pdf (in PDF document text)
    • http://schrichte.de/images/gun-hack-roblox-pastebin.pdf (in PDF document text)
    • http://museumkk.ru/images/roblox-what-do-you-do-when-your-account-gets-hacked.pdf (in PDF document text)
    • https://www.ghknights.org/images/free-roblox-exploits-2021.pdf (in PDF document text)
    • http://jdlrelocation.com/images/hack-de-roblox-lumber-tycoon-2.pdf (in PDF document text)
    • http://ilcommercialista.info/images/roblox-hack-smurf-backpack.pdf (in PDF document text)
    • http://dennemaat.nl/images/roblox-new-have-county-hack.pdf (in PDF document text)
    • http://citycare.pt/images/how-do-you-get-free-roblox-clothes.pdf (in PDF document text)
    • https://www.fenews.co.uk/images/tbc-oil-platform-roblox-free-download.pdf (in PDF document text)
    • http://www.fluidtech.hu/images/free-robux-limiteds-comlu-com.pdf (in PDF document text)
    • http://www.cosver.nl/images/vibe-train-roblox-hack.pdf (in PDF document text)
    • http://moralcenter.or.th/images/how-to-hack-robux-on-pc-2021.pdf (in PDF document text)
    • http://seniornetwanganui.org.nz/images/cmo-conseguir-free-robux-generator-2021-100.pdf (in PDF document text)
    • http://www.mediaxin.net/images/free-robux-generator-no-human-verification-or-download.pdf (in PDF document text)
    • http://centuriatus.com/images/logo-roblox-hack.pdf (in PDF document text)
    • http://archi-z.ru/images/roblox-hack-bars-2021.pdf (in PDF document text)
    • http://pourvosvacances.com/images/free-robux-codes-rewview.pdf (in PDF document text)
    • http://ohsawamacrobiotics.com/images/get-free-robux-with-synapse.pdf (in PDF document text)
    • https://www.nema.go.ke/images/how-to-get-free-robux-easy-and-fast-2021.pdf (in PDF document text)
    • https://www.hotschool.com.au/images/roblox-obc-hack-2021.pdf (in PDF document text)
    • http://poltekkeskhjogja.ac.id/images/roblox-bloxburg-house-builders-free.pdf (in PDF document text)
    • http://arthakranti.org/images/hack-assassin-roblox.pdf (in PDF document text)
    • http://bilhetim.com.br/images/awesome-roblox-hacks.pdf (in PDF document text)
    +12 more URL(s)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: stream_003_off00008178.bin
  Kind: decompressed-pdf-stream
  Source: PDF FlateDecoded stream at offset 0x8178
  Size: 26976 bytes
  SHA-256: 7981f6fdecff0c1cb55a25cb55ac047c867b81bfe7bb10b02a345430a85156bd

Filename: font_01_sfnt_off0000bf10.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xBF10
  Size: 18672 bytes
  SHA-256: eaaf25b0ad1f7d16e86a72f02ab9e980ed1a2b7f94c51f6f2730b24b23ceedf3