PDF static analysis report

Static analysis result for SHA-256 42a6b67063cc7233…

SUSPICIOUS

PDF

38.7 KB Created: 2021-04-06 02:39:57 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-01
MD5: 287c1bd20f438f5f668dd8af9c30c8f1 SHA-1: 87b65a6a5bac74f73b6c3221cc68fb11526c282c SHA-256: 42a6b67063cc723308b6d3490996930dce13a33af0a18887f2819007b78b7762
34 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9834

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/rblx-gg-earn-free-robux PDF link annotation
    • http://studioarad.ro/images/hack-para-roblox-para-matar.pdfIn PDF document text
    • http://ims-77.fr/images/blockland-for-free-robux.pdfIn PDF document text
    • http://www.remiauclair.fr/images/how-do-i-earn-robux-for-free.pdfIn PDF document text
    • http://fm-express.de/images/iron-spider-roblox-free.pdfIn PDF document text
    • http://abqwinair.com/images/how-to-hack-roblox-accounts-password.pdfIn PDF document text
    • http://ferienhaus-summt.de/images/slurp-roblox-cheat.pdfIn PDF document text
    • https://www.ukrtrans.biz/images/how-to-spawn-hack-in-apocalypse-rising-roblox-2021.pdfIn PDF document text
    • http://www.gravel.ru/images/roblox-hack-space.pdfIn PDF document text
    • http://haertetechnik-steinbach.de/images/free-roblox-level-7-exploiter-crrake.pdfIn PDF document text
    • http://bluediffusion.it/images/bloxy-world-for-free-robux.pdfIn PDF document text
    • http://jointworkstudio.com/images/hacking-roblox-acounts-sites.pdfIn PDF document text
    • http://gamixpaliwa.pl/images/add-robux-for-free.pdfIn PDF document text
    • http://wokbaarlo.nl/images/free-robux-number.pdfIn PDF document text
    • https://cintasoeste.com.ar/images/free-accounts-from-2021-with-robux.pdfIn PDF document text
    • https://www.gvandenakker.nl/images/how-to-work-get-a-roblox-hack-gui-to-work.pdfIn PDF document text
    • http://artindex.pro/images/free-roblox-money-for-money.pdfIn PDF document text
    • http://ff-obertraun.at/images/how-to-put-music-into-any-roblox-game-hacks.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/free-robux-no-survey-or-verification-2021.pdfIn PDF document text
    • http://businessfit.com/images/nomnomnom1-roblox-hacker.pdfIn PDF document text
    • http://malichy.pl/images/jailbreak-hacks-for-roblox.pdfIn PDF document text
    • http://prohsa.com/images/can-roblox-games-be-hacked.pdfIn PDF document text
    • http://jwcrownlimo.net/images/robux-free-gg.pdfIn PDF document text
    • http://www.eurosan1.ba/images/hacking-roblox-accounts-cheat-engine.pdfIn PDF document text
    • http://iacovoulaw.com/images/free-robux-pastebin-easy.pdfIn PDF document text
    • http://instrutech.co.th/images/boku-no-roblox-all-legendary-quirks-hack.pdfIn PDF document text
    • http://teknotools.net/images/roblox-pokemon-brick-bronze-hack-money.pdfIn PDF document text
    • http://www.vktzunami.cz/images/undetectable-cheat-roblox-fly.pdfIn PDF document text
    • http://akademiatenisa.org/images/cheat-roblox-pour-counter-blox.pdfIn PDF document text
    • http://legs11.co.za/images/free-robux-hak-2021-on-roblox.pdfIn PDF document text
    • http://nevesomost.by/images/free-promo-codes-roblox-wiki.pdfIn PDF document text
    • http://kulturlandschaften.eu/images/denisdaily-get-free-robux.pdfIn PDF document text
    • http://stansabbiatura.com/images/free-robux-live-now-2021.pdfIn PDF document text
    • http://bit-sky.com/images/elemental-cheats-war-magic-roblox.pdfIn PDF document text
    • https://scraperite.com/images/comment-telecharger-un-logiciel-de-hack-dur-roblox.pdfIn PDF document text
    • http://www.conservatoriolecce.it/images/https-wwwrobloxcom-games-202120216-galaxy-hacks.pdfIn PDF document text
    • http://technologicalsc.com/images/code-for-naruto-roblox-free-spins.pdfIn PDF document text
    • http://ivpr.net/images/roblox-hack-robux-download-android.pdfIn PDF document text
    • http://musical-arts.de/images/admin-hack-roblox-exploit.pdfIn PDF document text
    • http://www.gearestauri.it/images/free-robux-console.pdfIn PDF document text
    • http://businessmart.ro/images/free-robux-hack-download.pdfIn PDF document text
    • https://www.coriglianocalabro.it/images/roblox-free-rpbux.pdfIn PDF document text
    • https://www.wijhalenhetop.nl/images/robux-ios-hack.pdfIn PDF document text
    • http://www.boic.nl/images/accessory-wings-roblox-free.pdfIn PDF document text
    • http://svp-steinmaur.ch/images/emergency-response-liberty-county-roblox-free.pdfIn PDF document text
    • http://dshikr.ru/images/free-robux-codes-2021-not-expired.pdfIn PDF document text
    • https://elite-house.su/images/how-to-hack-robux-on-ipad-2021.pdfIn PDF document text
    • http://joshherman.com/images/clothing-making-software-free-roblox.pdfIn PDF document text
    • https://www.stoehr-sauer.de/images/kohls-admin-hopuse-hacks-roblox.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/https-free-robux.pdfIn PDF document text
    +1 more URL(s)

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off000080ca.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x80CA 9267 bytes
SHA-256: db93e7655c1f9441671cc154c0a40c774cf3e593ed67e5216ed586438084a0c8