Malicious PDF — malware analysis report

Static analysis result for SHA-256 28b50ab53263ee64…

MALICIOUS

PDF

60.3 KB Created: 2021-04-05 20:30:28 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: 14c5034e9f6ed7d52f7945eaf99fe536 SHA-1: b76cd96d76633fc865f03cdae8e78cd86ceeb656 SHA-256: 28b50ab53263ee647c681dd95011254bbf10de02b411a76ed2578fe8115f39e7
72 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous links to websites that claim to offer game hacks, specifically for Roblox. The heuristic 'PDF_GAME_HACK_LINK_FARM' indicates a link farm designed to lure users. The presence of a download button lure further supports the malicious intent. While no scripts were directly extracted, the document's structure and embedded URLs suggest it's part of a campaign to trick users into visiting potentially malicious sites, likely for credential harvesting or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 4

  • PDF carries game-hack generator link farm medium PDF_GAME_HACK_LINK_FARM
    PDF contains a gaminggenerator.org app lure together with multiple external PDF links whose filenames advertise game hacks, cheats, jailbreaks, or generators. This is a lure/delivery link farm rather than a PDF exploit: the risk is the linked redirection chain.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/hack-de-robux-gratis PDF link annotation
    • https://pneukalousek.cz/images/comment-entrer-un-code-sur-roblox-cheat.pdfIn PDF document text
    • http://www.arredifunebri.com/images/free-epic-face-roblox.pdfIn PDF document text
    • http://www.evaplast.by/images/fast-run-hack-roblox-murder-mystery.pdfIn PDF document text
    • https://socialvalue.gr/images/final-stand-2-hack-roblox.pdfIn PDF document text
    • http://hk-kan.org/images/roblox-how-to-change-your-username-for-free-2021.pdfIn PDF document text
    • https://www.dierenartsberghman.be/images/how-to-hack-through-walls-in-big-brother-roblox.pdfIn PDF document text
    • http://gods-own.org/images/fr-ee-hacks-for-roblox.pdfIn PDF document text
    • http://sscclc.edu.ec/images/free-bear-mask-for-roblox.pdfIn PDF document text
    • http://www.friendshiptransport.net/images/roblox-glitch-site-free-robux.pdfIn PDF document text
    • http://www.ntc.edu.za/images/hack-werardevnet-roblox.pdfIn PDF document text
    • https://shop.bellmann-muenzen.de/images/free-accessorys-althiem-online-roblox.pdfIn PDF document text
    • https://consorziocsa-asicaivano.it/images/roblox-com-cheat.pdfIn PDF document text
    • http://nosocomium.rv.ua/images/how-to-get-hacks-on-roblox-prison-life.pdfIn PDF document text
    • http://learningarabic.co.uk/images/como-hackear-roblox-para-tener-robux-2021.pdfIn PDF document text
    • https://www.cnte.org.br/images/roblox-hack-descargar.pdfIn PDF document text
    • https://yarburservices.ru/images/roblox-pastebin-hack.pdfIn PDF document text
    • http://finalstand.org/images/how-to-hack-for-robux-2021.pdfIn PDF document text
    • http://eddieblum.nl/images/free-robux-with-inspect-2021.pdfIn PDF document text
    • http://www.visiblefilm.com/images/roblox-do-you-want-free-robux-ad.pdfIn PDF document text
    • https://bdhcpa.com/images/robux-free-verdienen.pdfIn PDF document text
    • http://www.exikom.com.ua/images/roblox-how-to-get-robux-for-free-2021.pdfIn PDF document text
    • http://stroygrad-spb.com/images/roblox-robux-simulator-hack.pdfIn PDF document text
    • http://musical-arts.de/images/how-to-get-free-robux-on-roblox-on-xbox-one.pdfIn PDF document text
    • http://www.marambio.com.ar/images/how-to-make-a-hacker-in-roblox.pdfIn PDF document text
    • http://baah.ca/images/how-to-hack-roblox-no-verification.pdfIn PDF document text
    • http://www.mikramarine.gr/images/how-to-get-free-clothes-on-roblox-with-builders-club.pdfIn PDF document text
    • http://hospitalsalamanca.cl/images/jojo-characters-on-roblox-free.pdfIn PDF document text
    • http://energotestcontrol.ru/images/how-to-make-your-own-hacks-for-roblox.pdfIn PDF document text
    • http://grupodin.com.br/images/roblox-jailbreak-hacks-march-2021-working.pdfIn PDF document text
    • http://ff-obertraun.at/images/free-robux-generator-group.pdfIn PDF document text
    • http://pa-bengkulukota.go.id/images/roblox-all-gamepasses-for-free.pdfIn PDF document text
    • https://enpav.it/images/robux-no-hacks.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/roblox-cheat-no-key-required.pdfIn PDF document text
    • https://ghpa.ru/images/free-card-robux.pdfIn PDF document text
    • http://samfora.de/images/are-roblox-hack-clients-a-thing.pdfIn PDF document text
    • http://www.likto.eu/images/roblox-bee-game-hack-to-play.pdfIn PDF document text
    • http://www.elis-strechy.cz/images/how-to-hack-atm-roblox.pdfIn PDF document text
    • http://pourvosvacances.com/images/instant-hack-robux.pdfIn PDF document text
    • http://businessfit.com/images/free-robux-place.pdfIn PDF document text
    • http://beagles-of-harmony.de/images/champione-simulator-roblox-how-to-have-vip-chest-for-free.pdfIn PDF document text
    • https://bdsm-centrum.com/images/roblox-promo-codes-free-2021.pdfIn PDF document text
    • http://www.fluidtech.hu/images/hacks-tools-roblox.pdfIn PDF document text
    • http://cristalysoptic.com/images/roblox-cheat-sheet.pdfIn PDF document text
    • http://evro-okna.net/images/how-to-get-free-visits-on-roblox.pdfIn PDF document text
    • http://www.remiauclair.fr/images/youtube-hack-roblox.pdfIn PDF document text
    • http://bestwig.de/images/furk-roblox-hack-download.pdfIn PDF document text
    • http://evp-sanorlenok.ru/images/free-group-generator-roblox.pdfIn PDF document text
    • https://www.abrapppe.org.br/images/money-hack-roblox-vehicle-simulator.pdfIn PDF document text
    • http://linens.kiev.ua/images/hacks-to-get-money-on-roblox-adopt-me.pdfIn PDF document text
    +15 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off000080de.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x80DE 25616 bytes
SHA-256: e87a67abda267b04c5bf298b61c7dbd90eac17f89917912350f92cb2cb153102
font_01_sfnt_off0000bb8d.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBB8D 3884 bytes
SHA-256: 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf
font_02_sfnt_off0000c834.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC834 18204 bytes
SHA-256: 47aee6d3788fe12df3cee1f8c31358abbe9a591aef40ff1583517d6ab3228427