PDF static analysis report

Static analysis result for SHA-256 4e4087ed518923f2…

SUSPICIOUS

PDF

57.5 KB Created: 2021-04-02 06:49:54 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-22
MD5: f5fb77c668fb3fafbb129a48a4440e9b SHA-1: bf2cfd45b029e46c386105dcf5098c3188859c02 SHA-256: 4e4087ed518923f2d4f8c397e82bce18c4e02a47bc9abce0da1c63df479b25d9
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7003

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/robux-hack-kostenlos PDF link annotation
    • http://learningarabic.co.uk/images/get-free-robux-on-roblox-2021-november.pdfIn PDF document text
    • http://www.arma-tek.com.tr/images/free-roblox-dlls-hack.pdfIn PDF document text
    • http://www.web.stc-part.co.th/images/roblox-jailbreak-free-money-march-2021.pdfIn PDF document text
    • http://www.rawbluesparis.fr/images/free-roblox-membership-codes.pdfIn PDF document text
    • https://www.eglihotel.gr/images/getting-roblox-cheats.pdfIn PDF document text
    • https://www.romedia.gr/images/synapse-x-roblox-free.pdfIn PDF document text
    • http://escolaarboc.cat/images/robux-hack-synapse.pdfIn PDF document text
    • http://www.fanciullovito.it/images/how-to-hack-and-get-robux-2021.pdfIn PDF document text
    • http://www.edid.nl/images/hacks-for-roblox-2-player-wizard-tycoon.pdfIn PDF document text
    • https://www.cgilbelluno.it/images/free-roblox-to-play-without-downloading.pdfIn PDF document text
    • http://www.lycee-langevin-wallon.com/images/free-rs-roblox.pdfIn PDF document text
    • http://serventuarios.org.br/images/roblox-how-to-get-free-clothes-2021.pdfIn PDF document text
    • https://eddar.fr/images/how-to-hack-roblox-jailbreak-2021-mod-menu.pdfIn PDF document text
    • https://eddar.fr/images/can-you-use-cheat-engine-on-roblox.pdfIn PDF document text
    • https://tokunfome.com.br/images/robux-free-roblox-2021.pdfIn PDF document text
    • http://hemmet-strand.dk/images/roblox-the-legendary-swords-rpg-cheat-engine-hack.pdfIn PDF document text
    • https://www.hbproducts.dk/images/best-hacking-software-for-roblox.pdfIn PDF document text
    • https://www.iadh.bi/images/free-items-on-roblox-mobile.pdfIn PDF document text
    • http://www.lilamaemc.com.vn/images/roblox-online-account-hack-tool.pdfIn PDF document text
    • http://www.marambio.com.ar/images/anarchy-roblox-hacks-site-v3rmillionnet.pdfIn PDF document text
    • https://consorziocsa-asicaivano.it/images/all-free-idums-in-roblox.pdfIn PDF document text
    • https://www.cnte.org.br/images/how-hack-roblox-2021.pdfIn PDF document text
    • https://www.beaufortcollege.ie/images/roblox-hacked-download-apk.pdfIn PDF document text
    • http://kids-academy.pl/images/roblox-free-vuilders-club-upgrade.pdfIn PDF document text
    • https://crank.ee/images/island-royale-roblox-hack-esp-script-pastebin.pdfIn PDF document text
    • http://www.vktzunami.cz/images/boku-no-roblox-remastered-level-up-hack.pdfIn PDF document text
    • http://energotestcontrol.ru/images/how-to-get-100-free-robux-on-roblox.pdfIn PDF document text
    • http://www.it-network.com.mx/images/emeritus-hack-roblox.pdfIn PDF document text
    • https://www.eglihotel.gr/images/generator-roblox-hack.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/hex-number-gives-free-robux-no-verification-2021.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/roblox-hacked-remotes.pdfIn PDF document text
    • https://www.gestionaletrasporti.it/images/hack-para-hacker-todo-roblox-pastebin.pdfIn PDF document text
    • http://tuapseluxe.ru/images/roblox-hack-pastebin-2021.pdfIn PDF document text
    • https://estalagemmonteverde.com.br/images/how-to-make-money-on-roblox-for-free.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/how-to-hack-roblox-accounts-no-inspect.pdfIn PDF document text
    • https://amatq.ca/images/roblox-supreme-free.pdfIn PDF document text
    • http://agrao.in/images/roblox-super-power-training-simulator-free-vip-ser.pdfIn PDF document text
    • https://www.academiedespa.be/images/free-robux-cheat-engine.pdfIn PDF document text
    • https://www.gestionaletrasporti.it/images/get-free-robux-hack-2021.pdfIn PDF document text
    • https://estalagemmonteverde.com.br/images/hightlighter-player-roblox-cheat.pdfIn PDF document text
    • https://www.hotschool.com.au/images/real-how-to-get-free-robux.pdfIn PDF document text
    • https://amatq.ca/images/how-do-you-hack-somebody-in-roblox.pdfIn PDF document text
    • http://www.inservis.cl/images/online-free-robux-generator.pdfIn PDF document text
    • https://ballaratcaravans.com.au/images/roblox-easy-hacks-to-get-no-virouses.pdfIn PDF document text
    • http://mamedebenevides.com.br/images/free-robux-giver-no-survey.pdfIn PDF document text
    • http://www.sapaengineering.kz/images/free-robux-for-kids-net.pdfIn PDF document text
    • https://www.yewtreealpacas.co.uk/images/roblox-how-to-get-tge-free-trial-trial-bc.pdfIn PDF document text
    • http://agrao.in/images/get-100-free-robux-daily.pdfIn PDF document text
    • http://www.eurosan1.ba/images/how-to-get-free-robux-on-computer-inspect.pdfIn PDF document text
    +52 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00008610.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8610 23432 bytes
SHA-256: 5ce11b6aebfb52de43ee53ad04a932a2558ea17998df73d16dcd33fba4f93bde
font_01_sfnt_off0000b9b4.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xB9B4 17996 bytes
SHA-256: 0d3adeb6f2f7077f49a0ab8110994b34800833e0ff1a44fe32266283c10cdf74