PDF static analysis report

Static analysis result for SHA-256 436d5fec65b53895…

SUSPICIOUS

PDF

49.5 KB Created: 2021-04-02 11:25:04 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-22
MD5: 1072a2d544fe405154cb29b4504a661f SHA-1: a10b689f3a54a23831fa44412b46009425de19a9 SHA-256: 436d5fec65b53895d5871775db4198a209c2a63ab81beaba94a008a41aa05147
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8385

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/hack-files-for-roblox PDF link annotation
    • https://www.sinaloadiario.mx/images/how-to-hack-into-a-roblox-account-2021.pdfIn PDF document text
    • https://www.cnte.org.br/images/project-delta-roblox-cheats.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/dont-take-damage-hack-roblox.pdfIn PDF document text
    • http://www.gadanie.lv/images/robux-hack-online.pdfIn PDF document text
    • http://www.maakherumusic.net/images/cruise-ship-simulator-roblox-hack.pdfIn PDF document text
    • https://www.acbc.wa.edu.au/images/roblox-assassin-hacks-2021.pdfIn PDF document text
    • https://verdensbarn.no/images/roblox-player-exe-free-download.pdfIn PDF document text
    • http://www.marambio.com.ar/images/natual-survivle-roblox-cheats.pdfIn PDF document text
    • http://www.actae.gr/images/gratis-hack-royale-hihg-roblox.pdfIn PDF document text
    • https://crank.ee/images/roblox-get-boombox-free-cheat.pdfIn PDF document text
    • http://www.tamogatoweb.hu/images/tp-hacks-script-roblox.pdfIn PDF document text
    • https://www.coriglianocalabro.it/images/dhow-do-get-free-robux.pdfIn PDF document text
    • https://www.hotelaziza.com/images/free-robux-card-id.pdfIn PDF document text
    • http://energotestcontrol.ru/images/money-hack-roblox-adopt-me-2021-july.pdfIn PDF document text
    • https://verdensbarn.no/images/roblox-free-robux-scam-uncopylocked.pdfIn PDF document text
    • http://www.torvet11.dk/images/roblox-games-that-give-you-robux-for-free.pdfIn PDF document text
    • http://www.fanciullovito.it/images/equillex-how-to-hack-into-any-roblox-account.pdfIn PDF document text
    • http://www.edid.nl/images/casini-free-robux.pdfIn PDF document text
    • http://www.remiauclair.fr/images/roblox-free-robux-redeim-promo-code.pdfIn PDF document text
    • http://portal.crfsp.org.br/images/free-roblox-adopt-me-pets.pdfIn PDF document text
    • http://www.eurosan1.ba/images/best-free-games-on-roblox.pdfIn PDF document text
    • https://www.albisser.ch/images/ajc-rome-tech-free-roblox.pdfIn PDF document text
    • https://www.academiedespa.be/images/how-to-get-unlimited-free-robux-on-roblox-2021.pdfIn PDF document text
    • http://www.evaplast.by/images/auto-keyboard-roblox-free.pdfIn PDF document text
    • http://learningarabic.co.uk/images/roblox-hack-snow-shoveling-simulator.pdfIn PDF document text
    • http://www.exikom.com.ua/images/free-roblox-promo-codes-no-human-verifycation.pdfIn PDF document text
    • http://legs11.co.za/images/free-robux-hack-no-human-verification-2021-and-no-survey.pdfIn PDF document text
    • https://www.siaeag.fr/images/free-robux-generator-reall-100-xd.pdfIn PDF document text
    • https://www.hotelaziza.com/images/how-to-get-free-robux-step-by-step.pdfIn PDF document text
    • http://www.malonmalon.com.ar/images/all-players-in-robloxs-passwords-password-hack.pdfIn PDF document text
    • https://www.beaufortcollege.ie/images/free-robux-tix-and-bc.pdfIn PDF document text
    • https://www.seeingindependence.org/images/roblox-free-generator-no-verification.pdfIn PDF document text
    • https://kimolos-link.gr/images/how-to-hack-games-on-roblox-2021.pdfIn PDF document text
    • http://legs11.co.za/images/mod-hackeadas-para-roblox.pdfIn PDF document text
    • http://www.torrenppontassieve.it/images/adopt-me-roblox-hack-money-free.pdfIn PDF document text
    • https://www.facmedtananarive.org/images/how-to-hack-any-game-on-roblox-2021.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/jailbreak-roblox-hack-2021.pdfIn PDF document text
    • http://www.torrenppontassieve.it/images/hack-keeps-crashing-roblox.pdfIn PDF document text
    • http://www.copoint.co.uk/images/how-to-get-1m-free-robux-everyday.pdfIn PDF document text
    • http://www.malonmalon.com.ar/images/robux-gift-card-number-free.pdfIn PDF document text
    • http://www.tehran-sam.ir/images/roblox-blockburg-money-hack-penquin-gui-script.pdfIn PDF document text
    • https://www.seeingindependence.org/images/roblox-bloxburg-hack-script-pastebin.pdfIn PDF document text
    • https://www.lions.org.pl/images/roblox-slender-man-outfit-free.pdfIn PDF document text
    • https://corbo.ru/images/how-to-hack-roblox-for-admin-commands.pdfIn PDF document text
    • http://www.occquimica.com.br/images/free-money-roblox-pc.pdfIn PDF document text
    • http://www.roumlouki.gr/images/free-robux-today-generator.pdfIn PDF document text
    • https://www.bmtools.ru/images/roblox-robux-hack-using-cheat-engine-64.pdfIn PDF document text
    • http://bkd1.balikpapan.go.id/images/roblox-hacked-accounts-list-2021.pdfIn PDF document text
    • http://almidonesdesucre.com.co/images/ultimate-driving-roblox-cheat-speeding.pdfIn PDF document text
    +2 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00005834.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x5834 24836 bytes
SHA-256: 4db82a2ba626ceff524ce9eb5bf8cd47e6cff26c0ab708aaf35b7258cbc8f90d
font_01_sfnt_off000090df.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x90DF 5696 bytes
SHA-256: 450e3ee45915afe13702bf1d587eb8b9ad88a8d2113419ac9f2fd116a828e139
font_02_sfnt_off00009df0.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x9DF0 18028 bytes
SHA-256: 7ea27ed10afe33f2083cc47cfb7eea3b72423e16bb41c7c110c2574b1e5857a3