Malicious PDF — malware analysis report

Static analysis result for SHA-256 3a40e4546f92e5b3…

MALICIOUS

PDF

58.8 KB Created: 2021-04-05 21:15:16 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: 1367b4392077ca3e29de9be04d9dc2e5 SHA-1: 16115adf075149e8e3f211b46e9994644671332f SHA-256: 3a40e4546f92e5b32cc634845dce031de10e0933292172231172d8741c5076da
82 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF document uses a social engineering lure related to hacking Robux for the game Roblox, aiming to trick users into clicking malicious links. The heuristic 'SE_BROWSER_INSTALL_LURE' indicates the document likely prompts users to install a fake browser extension or update, which is a common method for delivering malware. Numerous embedded URLs were found, suggesting the document acts as a dropper or redirects to malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 4

  • Browser extension / update installation lure high SE_BROWSER_INSTALL_LURE
    Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/como-hackear-robux-en-roblox-facil-y-rapido-en-celular PDF link annotation
    • http://goldwing-shop.ru/images/youtube-roblox-jailbreak-hack-keycard.pdfIn PDF document text
    • http://kermas.eu/images/roblox-online-hack-tool.pdfIn PDF document text
    • https://verdensbarn.no/images/roblox-cheat-engine-change-stat.pdfIn PDF document text
    • http://domaizdereva24.ru/images/roblox-free-robux-no-human-verification-2021.pdfIn PDF document text
    • http://reggieslockandkey.com/images/wanna-join-my-free-giftcard-giveaway-roblox-id.pdfIn PDF document text
    • http://parkinsononline.com/images/hack-vip-roblox.pdfIn PDF document text
    • http://glaubensfragen.org/images/how-to-get-free-robux-for-pc-2021.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/roblox-hack-apk-2021.pdfIn PDF document text
    • http://fradiomas.com/images/free-cerberus-roblox.pdfIn PDF document text
    • http://ernstgloves.co.il/images/roblox-dubliezieren-hack.pdfIn PDF document text
    • https://masseymotorcars.com/images/comment-acheter-des-robux-avec-une-carte-hacker.pdfIn PDF document text
    • https://studentcareerinfo.com/images/free-roblox-cocdes.pdfIn PDF document text
    • https://koeltotaal.com/images/i-hacked-deines-daily-roblox.pdfIn PDF document text
    • http://portal.crfsp.org.br/images/cheat-engine-roblox-super-speed.pdfIn PDF document text
    • http://centuriatus.com/images/roblox-hack-2021-free-download.pdfIn PDF document text
    • http://drentklubben.se/images/free-robux-30.pdfIn PDF document text
    • http://ff-obertraun.at/images/how-to-get-free-robux-no-hack-april-2021.pdfIn PDF document text
    • http://a1scan3d.com/images/hack-peoples-accounts-roblox.pdfIn PDF document text
    • http://santjoandelesabadesses.cat/images/v3rmillion-free-roblox-exploits.pdfIn PDF document text
    • http://bagna.pl/images/how-to-how-to-get-free-robux.pdfIn PDF document text
    • http://prodent.com.ua/images/free-robux-computer-2021.pdfIn PDF document text
    • https://www.eglihotel.gr/images/hack-para-tener-robux-2021.pdfIn PDF document text
    • http://poltekkeskhjogja.ac.id/images/free-cool-tshirt-roblox.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/free-account-roblox-2021.pdfIn PDF document text
    • http://osteonad.com/images/roblox-explorer-hack-script-pastebin-2021.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/cheat-codes-for-roblox-mad-paint-ball-2.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/how-to-find-out-who-hacked-your-roblox.pdfIn PDF document text
    • https://www.lomrad.go.th/images/free-robux-just-watch-ads.pdfIn PDF document text
    • http://www.imperialaccountingfl.com/images/how-do-u-become-a-hacker-in-roblox.pdfIn PDF document text
    • http://moto98.com/images/how-to-get-fre-robux-inspect-element-not-fake.pdfIn PDF document text
    • http://www.imperialaccountingfl.com/images/free-ranked-roblox.pdfIn PDF document text
    • https://www.porthos.it/images/how-do-doload-hacks-in-roblox.pdfIn PDF document text
    • http://gods-own.org/images/roblox-cheats-for-dead-rising-2.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/roblox-how-to-get-free-robux-2021-no-hack.pdfIn PDF document text
    • http://cleanteclogistics.com/images/roblox-build-a-boat-for-treasure-hack-2021.pdfIn PDF document text
    • http://britishcomics.com/images/hack-script-download-roblox.pdfIn PDF document text
    • http://shootawayproduction.com/images/gamecheat-us-roblox-hack.pdfIn PDF document text
    • https://masseymotorcars.com/images/can-you-sell-shirts-for-free-in-roblox.pdfIn PDF document text
    • https://www.porthos.it/images/todos-los-hacks-de-check-casher-v3-roblox-prision-life.pdfIn PDF document text
    • http://alpen-seeblick.at/images/roblox-wild-revolvers-hack.pdfIn PDF document text
    • https://seedungo.com/images/dss-roblox-money-hacks.pdfIn PDF document text
    • https://www.milewood.co.uk/images/how-to-hack-dantdm-on-roblox-and-give-robux.pdfIn PDF document text
    • http://mydevice.com.au/images/roblox-how-to-be-copletely-white-free.pdfIn PDF document text
    • https://www.albisser.ch/images/free-roblox-levels.pdfIn PDF document text
    • http://safari-crimea.com/images/cheat-engine-trainers-for-roblox-list.pdfIn PDF document text
    • http://kruiz21.ru/images/free-roblox-gift-card-code-generator-2021.pdfIn PDF document text
    • http://bufbd.org/images/roblox-cheat-dll-phantom-forces.pdfIn PDF document text
    • https://www.laarsenco.nl/images/cheat-roblox-offensive.pdfIn PDF document text
    • https://sectorpravdy.com/images/how-to-earn-free-robux-in-roblox.pdfIn PDF document text
    +17 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008557.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8557 26240 bytes
SHA-256: 8674a4a3a179fc50cc30ad3bca3296b2b07b1501b16949b74f5b4c030535e146
font_01_sfnt_off0000c11f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC11F 18912 bytes
SHA-256: dc7a8d03330f174c8c319c1a904859ca4f67f554cd10d52df2738e61ea08170e

Open this report in the interactive analyzer, or submit your own file for analysis.