PDF static analysis report

Static analysis result for SHA-256 321109fbe326489d…

SUSPICIOUS

PDF

51.9 KB Created: 2021-04-05 19:39:27 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-25
MD5: 3b4cb31678a5ec445d163e33184fc58a SHA-1: c08361a2d7df7486fa663f4943f21719f6af9b6d SHA-256: 321109fbe326489d3a23cc83c59a97d396143f724146d9e3e6f0b2ea453716cc
34 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9828

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/roblox-hack-site-roblox-unlimited PDF link annotation
    • http://bwharrisalumniusa.org/images/how-to-hack-levels-dragon-ball-z-revalations-roblox.pdfIn PDF document text
    • https://www.milewood.co.uk/images/infinite-jump-roblox-hack-indir.pdfIn PDF document text
    • http://apostolosandreaslemesou.com/images/roblox-hack-khol-admin-perm.pdfIn PDF document text
    • http://stitchingart.com/images/how-to-play-roblox-on-phone-for-free.pdfIn PDF document text
    • https://www.osoc.com/images/how-to-get-free-clothes-on-roblox-2021-no-bc.pdfIn PDF document text
    • http://hydroconseil.net/images/games-for-free-robux.pdfIn PDF document text
    • https://www.stkdb.cz/images/is-free-robux-tool-created-by-hypernova-safe.pdfIn PDF document text
    • http://www.mjclautrec.fr/images/hack-kick-off-roblox.pdfIn PDF document text
    • https://europe-upkl.eu/images/roblox-to-get-robux-hack.pdfIn PDF document text
    • http://domaizdereva24.ru/images/free-robux-promo-codes-2021-march.pdfIn PDF document text
    • https://www.brainpads.com/images/how-to-get-free-robux-form-inspect.pdfIn PDF document text
    • http://www.cosver.nl/images/how-to-get-free-tokens-asssassin-roblox.pdfIn PDF document text
    • http://innovativefs.co.uk/images/how-to-get-free-robux-no-hack-or-cheat-2021.pdfIn PDF document text
    • http://androidthai.in.th/images/roblox-natural-disaster-survival-how-to-get-free-balloon.pdfIn PDF document text
    • https://www.knxuk.org/images/cheat-code-roblox-money.pdfIn PDF document text
    • http://www.rezbb.sk/images/jailbreak-robloxcom-cheats.pdfIn PDF document text
    • http://towtrucklosangeles.com/images/but-to-legit-get-free-builders-club-on-roblox.pdfIn PDF document text
    • http://seniornetwanganui.org.nz/images/how-to-know-if-your-being-hacked-on-roblox.pdfIn PDF document text
    • https://www.only-press.ru/images/how-to-fly-hack-in-roblox-jailbreak.pdfIn PDF document text
    • http://www.homesweethome.pl/images/future-free-roblox-exploit.pdfIn PDF document text
    • http://www.mikramarine.gr/images/roblox-aimbot-using-cheat-engine.pdfIn PDF document text
    • http://bagna.pl/images/free-roblox-pokemon-go.pdfIn PDF document text
    • http://parkinsononline.com/images/free-roblox-code-generator-no-human-verification.pdfIn PDF document text
    • http://a1scan3d.com/images/roblox-bucks-free.pdfIn PDF document text
    • http://yardfon.go.th/images/windows-7-roblox-hacks.pdfIn PDF document text
    • http://wattkit.com/images/free-robux-developer-tools.pdfIn PDF document text
    • http://medimacs.eu/images/como-hackear-roblox-pushing.pdfIn PDF document text
    • https://sdg-trade.com/images/roblox-free-rubux-hack.pdfIn PDF document text
    • https://www.ncscolour.no/images/free-robux-generator-addon.pdfIn PDF document text
    • https://www.albisser.ch/images/inspect-hack-roblox.pdfIn PDF document text
    • https://sectorpravdy.com/images/robux-hack-zero.pdfIn PDF document text
    • http://hydroconseil.com/images/roblox-developer-console-hack-2021.pdfIn PDF document text
    • http://www.sapaengineering.kz/images/how-you-get-free-robux-hacks.pdfIn PDF document text
    • https://www.wadowice24.pl/images/free-robux-website-2021.pdfIn PDF document text
    • http://adues.org/images/roblox-free-epic-face.pdfIn PDF document text
    • http://iacovoulaw.com/images/roblox-speed-hacks-that-u-can-t-in-chaty.pdfIn PDF document text
    • https://bancroftandsons.com/images/robhacker-free-robux.pdfIn PDF document text
    • http://escolaarboc.cat/images/get-free-robux-the-real-way.pdfIn PDF document text
    • http://webstan.be/images/how-to-get-into-a-account-thats-hacked-in-roblox.pdfIn PDF document text
    • http://moralcenter.or.th/images/www-free-robux-hack-generator-club.pdfIn PDF document text
    • http://bb-im2.com/images/hackear-roblox-pc.pdfIn PDF document text
    • https://www.eglihotel.gr/images/roblox-conins-free.pdfIn PDF document text
    • http://wireprod.net/images/games-in-roblox-that-give-free-robux.pdfIn PDF document text
    • https://www.ncscolour.no/images/give-free-account-roblox-13-jun-2021.pdfIn PDF document text
    • http://www.cosver.nl/images/robux-free-tips-download.pdfIn PDF document text
    • http://businessmart.ro/images/free-robux-hack-2021-working-no-human-verification.pdfIn PDF document text
    • http://smart-pro.co.uk/images/how-to-play-roblox-games-that-cost-robux-for-free.pdfIn PDF document text
    • http://finalstand.org/images/how-to-be-a-hacker-in-roblox-2021.pdfIn PDF document text
    • http://babyxpress.de/images/how-can-you-get-robux-free.pdfIn PDF document text
    +2 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008454.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8454 26948 bytes
SHA-256: 0bcbea91c0826343f96a8a3c83fd45e97941d0330a9ce5d755765b7f9259b86e
font_01_sfnt_off0000c18b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC18B 3884 bytes
SHA-256: 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf