Malicious PDF — malware analysis report

Static analysis result for SHA-256 48318627190b9439…

MALICIOUS

PDF

213.8 KB Created: 2021-04-04 23:22:53 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-25
MD5: f4da058d2606f8b6ffa8bf73b1a11eef SHA-1: 4287a9233c865a96a498292a991ceff05c951c57 SHA-256: 48318627190b94398458618432e37616f7c99b2152c32b9ab83784e2daf55191
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5055

Heuristics 3

  • ClamAV: Pdf.Phishing.Roblox062100-9873116-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Roblox062100-9873116-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/roblox-mad-city-hack-money-francais PDF link annotation
    • http://dmoraitis.gr/images/roblox-inspect-consle-hacks.pdfIn PDF document text
    • http://petarda.hu/images/hack-para-las-contraseas-de-roblox.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/redeem-card-2021-robux-free.pdfIn PDF document text
    • http://britishcomics.com/images/free-robux-without-survey-or-human-verification.pdfIn PDF document text
    • http://moralcenter.or.th/images/how-to-hack-phantom-forces-roblox-lvl-hack.pdfIn PDF document text
    • http://www.inservis.cl/images/roblox-robux-hack-download-2021.pdfIn PDF document text
    • http://seniornetwanganui.org.nz/images/free-roblox-level-creating-scripts.pdfIn PDF document text
    • http://safwafurniture.com/images/roblox-fire-hack-cheat-engine.pdfIn PDF document text
    • http://bau-lk.de/images/carte-roblox-free-card.pdfIn PDF document text
    • https://schulzpressetext.de/images/how-to-hack-roblox-deathrun.pdfIn PDF document text
    • http://grahambettsmotors.com/images/hackear-cuentas-de-roblox-gratuitas.pdfIn PDF document text
    • http://tehergumi.hu/images/free-coins-for-roblox.pdfIn PDF document text
    • http://keepcasscountybeautiful.com/images/roblox-how-to-make-a-shirt-for-free.pdfIn PDF document text
    • http://biotronics.com.cy/images/roblox-hack-robux-gratis-2021.pdfIn PDF document text
    • http://www.web.stc-part.co.th/images/download-hack-roblox-jailbreak-2021.pdfIn PDF document text
    • http://ernstgloves.co.il/images/how-to-free-robux-100-virus.pdfIn PDF document text
    • http://kishplus.ir/images/roblox-hack-mod-windows-7.pdfIn PDF document text
    • http://homequeen.de/images/free-team-deathmatch-map-roblox.pdfIn PDF document text
    • http://ctr74.net/images/free-jeff-the-killer-face-roblox.pdfIn PDF document text
    • http://poltekkeskhjogja.ac.id/images/roblox-cheat-injector.pdfIn PDF document text