PDF static analysis report

Static analysis result for SHA-256 3b2dbf0df1454aa9…

SUSPICIOUS

PDF

60.6 KB Created: 2021-04-05 19:20:58 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: 9daf0fbe5ee679cd0f278b19c0fe19bb SHA-1: 1cb10237a0ad1477ab7107806165f5077e61fa39 SHA-256: 3b2dbf0df1454aa9d15184ab5d9ff27118d5f6ddf61871d826a07a33baf5feef
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous links to websites that promise free Robux or hacking tools for the Roblox game, indicating a phishing or scam attempt. The ML classifier also flagged the PDF as malicious. While no scripts were extracted, the presence of external URIs and the document's content strongly suggest a social engineering attack aimed at tricking users into visiting malicious websites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/how-to-hack-roblox-and-get-free-robux-on-ipad PDF link annotation
    • https://www.cnte.org.br/images/how-to-hack-roblox-with-python.pdfIn PDF document text
    • http://www.evaplast.by/images/how-to-hack-into-people-in-roblox.pdfIn PDF document text
    • http://smart-pro.co.uk/images/how-to-get-free-money-in-roblox-adopt-me-2021.pdfIn PDF document text
    • http://www.teapotjewelry.com/images/como-tener-robux-gratis-con-hacks.pdfIn PDF document text
    • http://muko-unterfranken.info/images/free-robux-hack-apk-download.pdfIn PDF document text
    • https://www.seeingindependence.org/images/how-to-get-unlimited-free-robux-on-roblox-2021-jefftec.pdfIn PDF document text
    • http://daksz.hu/images/roblox-bgs-cheats-to-get-kraken.pdfIn PDF document text
    • https://tokunfome.com.br/images/nike-roblox-free.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/hack-this-roblox-account.pdfIn PDF document text
    • https://abouttimetech.com/images/hacks-for-booga-booga-roblox-2021.pdfIn PDF document text
    • https://www.milewood.co.uk/images/how-to-make-hack-scripts-for-roblox.pdfIn PDF document text
    • http://www.art-concept.gr/images/roblox-project-jojo-white-snake-free.pdfIn PDF document text
    • https://gryps.de/images/free-model-purchase-request-roblox.pdfIn PDF document text
    • http://gitagasht.com/images/roblox-free-robux-hack-2021.pdfIn PDF document text
    • http://fmbompastor.com.br/images/mode-hacker-roblox.pdfIn PDF document text
    • https://www.fubode.org/images/best-home-free-models-roblox.pdfIn PDF document text
    • http://ivalor.fr/images/roblox-hack-apk-download-pc.pdfIn PDF document text
    • https://www.hotschool.com.au/images/free-robux-without-paying-money-for-typing-password.pdfIn PDF document text
    • http://altc.de/images/how-to-call-roblox-for-free-robux.pdfIn PDF document text
    • http://eastwestmacrobiotics.com/images/roblox-robux-hack-tool-download.pdfIn PDF document text
    • http://energotestcontrol.ru/images/counter-blox-roblox-offensive-how-to-get-free-skins.pdfIn PDF document text
    • https://reggieslockandkey.com/images/how-to-have-free-skin-in-roblox.pdfIn PDF document text
    • http://www.les2alpes-location.com/images/why-does-roblox-hate-free-robux-groups.pdfIn PDF document text
    • http://abst-brandschutztechnik.com/images/free-roblox-accounts-with-obc-and-robux-2021.pdfIn PDF document text
    • http://grupodin.com.br/images/how-to-play-minion-free-tag-roblox.pdfIn PDF document text
    • http://lechia-sedziszow.pl/images/how-to-make-cheat-engine-work-on-roblox.pdfIn PDF document text
    • http://techmobil.pl/images/robux-hacks-2021-no-survey.pdfIn PDF document text
    • http://installer-m.ru/images/roblox-cbro-hack-the-golden-box.pdfIn PDF document text
    • http://nosocomium.rv.ua/images/free-robux-advertisement.pdfIn PDF document text
    • http://alpen-seeblick.at/images/how-to-look-aesthetic-on-roblox-for-free.pdfIn PDF document text
    • https://icefuture.ru/images/how-to-get-hacks-for-roblox-jailbreak.pdfIn PDF document text
    • https://www.tsdb.com.au/images/roblox-how-to-get-free-stuff-2021.pdfIn PDF document text
    • http://gods-own.org/images/hack-admin-roblox.pdfIn PDF document text
    • http://www.rezbb.sk/images/roblox-hack-tool-no-survey.pdfIn PDF document text
    • http://eddegrootassurantien.nl/images/how-to-get-free-robux-without-paying-real-money.pdfIn PDF document text
    • http://ivalor.fr/images/hack-werardevnet-roblox.pdfIn PDF document text
    • https://www.ukrtrans.biz/images/free-roblox-clothes-event.pdfIn PDF document text
    • https://kinderdam.nl/images/fre-robux-on-pc.pdfIn PDF document text
    • https://www.sitiwebjoomla.it/images/how-to-hack-roblox-accounts-without-cheat-engine.pdfIn PDF document text
    • http://eddegrootassurantien.nl/images/booga-booga-roblox-hack-download.pdfIn PDF document text
    • http://condit-pack.com/images/free-robux-hack-generator-club-2021.pdfIn PDF document text
    • https://amatq.ca/images/www-hacker-ed-robux.pdfIn PDF document text
    • http://www.bripi.pl/images/free-robux-no-generator-no-survey.pdfIn PDF document text
    • http://aiyta.com/images/free-shirt-creator-roblox.pdfIn PDF document text
    • http://iluvlocalplaces.com/images/free-gfx-roblox-2021.pdfIn PDF document text
    • http://hemmet-strand.dk/images/free-robux-group-payouts.pdfIn PDF document text
    • https://amatq.ca/images/300-free-robux.pdfIn PDF document text
    • http://racunari.in.rs/images/roblox-ultimate-driving-westover-islands-money-hack.pdfIn PDF document text
    • http://www.evaplast.by/images/roblox-god-admin-hacks.pdfIn PDF document text
    +17 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off0000815f.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x815F 27116 bytes
SHA-256: 35930dc6360f0c8b5b8c4883f078b10dcc79bcaff6b095f3b693a8272efb77e3
font_01_sfnt_off0000be4a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBE4A 2844 bytes
SHA-256: baad2f3f6808f4af03fa9398e38c580c8d846f7f773a947d8cc1f39b2753d31a
font_02_sfnt_off0000c80c.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC80C 18636 bytes
SHA-256: e2ab9dc51e121633a3e1caef810f3d01cf3b55276709e966014e11ee91f0fbe6