PDF static analysis report

Static analysis result for SHA-256 4f3a9db5eb78ebd5…

SUSPICIOUS

PDF

59.9 KB Created: 2021-04-05 22:24:52 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-27
MD5: e412952c9c1af6d2cba22fe1556cd43d SHA-1: c772174f27a10d918e5972e6bc0752127a9af54d SHA-256: 4f3a9db5eb78ebd527ee3d7e111a7c183ede73a8dc4660fed003405b824a769a
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains numerous URLs pointing to game-related hacks and cheats, with a prominent URL for 'roblox-hack-apk-pc-download'. The ML classifier flagged the PDF as malicious, and the presence of external URIs suggests an attempt to redirect the user to a malicious download. Although no scripts were explicitly extracted, the document's structure and content strongly indicate a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/roblox-hack-apk-pc-download PDF link annotation
    • http://www.boic.nl/images/roblox-promo-codes-2021-free.pdfIn PDF document text
    • http://nevesomost.by/images/dragon-ball-z-rage-roblox-hack-2021.pdfIn PDF document text
    • https://www.gvandenakker.nl/images/get-free-robux-instantly-no-human-verification.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/cheat-roblox-jailbreak-2021-tp-unpatched.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/como-hackear-roblox-para-tener-robux-2021.pdfIn PDF document text
    • http://altc.de/images/get-free-obc-roblox.pdfIn PDF document text
    • https://www.air-shop.cz/images/free-robux-no-human-verification-2021-ios.pdfIn PDF document text
    • https://www.albisser.ch/images/rbxnowgg-free-robux.pdfIn PDF document text
    • http://cosver.eu/images/how-to-get-100-000-robux-for-free.pdfIn PDF document text
    • http://panaceafamilymedicine.com/images/hacks-of-roblox-2021.pdfIn PDF document text
    • http://safari-crimea.com/images/free-builders-club-code-roblox.pdfIn PDF document text
    • http://www.adravietnam.org/images/roblox-cheat-engine-70-bypass-2021-rog.pdfIn PDF document text
    • https://fkg.usu.ac.id/images/pet-simulator-cheats-roblox.pdfIn PDF document text
    • https://www.foodsafety.cz/images/how-to-get-free-roblox-clothes-2021.pdfIn PDF document text
    • https://europainstitut.hu/images/change-leader-stats-roblox-hack.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/best-free-roblox-jailbreak-hack.pdfIn PDF document text
    • http://www.les2alpes-location.com/images/roblox-auto-clicker-free.pdfIn PDF document text
    • http://www.gongoff.com/images/dignity-roblox-hacker.pdfIn PDF document text
    • http://bb-im2.com/images/how-to-hack-a-roblox-account-april-2021.pdfIn PDF document text
    • http://aadvanderklaauw.nl/images/robux-robux-robux-free-game-in-roblox.pdfIn PDF document text
    • http://leigraphics.com/images/roblox-hack-no-key.pdfIn PDF document text
    • http://www.hhls.com.au/images/robux-hack-no-human-verification-or-survey-2021.pdfIn PDF document text
    • http://www.fluidtech.hu/images/roblox-hack-sans-verification-humaine.pdfIn PDF document text
    • http://museumkk.ru/images/how-to-get-free-robux-free-codes.pdfIn PDF document text
    • https://www.fhccu.com/images/how-to-get-free-robux-quiz.pdfIn PDF document text
    • http://condit-pack.com/images/hacks-para-roblox-dragon-ball-rage-2021.pdfIn PDF document text
    • http://salon-vyshyvanka.com/images/como-hackear-una-cuenta-de-roblox.pdfIn PDF document text
    • https://wandersuechtig.de/images/box-prizes-free-robux.pdfIn PDF document text
    • https://fkg.usu.ac.id/images/john-doe-roblox-hacker-story.pdfIn PDF document text
    • https://scraperite.com/images/online-hack-robux.pdfIn PDF document text
    • http://www.mikramarine.gr/images/free-roblox-estudios.pdfIn PDF document text
    • https://www.najeebqasmi.com/images/free-robux-app-for-roblox.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/free-promo-codes-that-give-you-robux.pdfIn PDF document text
    • https://www.yewtreealpacas.co.uk/images/how-to-hack-into-accounts-in-roblox-2021.pdfIn PDF document text
    • http://www.evaplast.by/images/free-redeem-code-roblox-2021.pdfIn PDF document text
    • http://immobil-service.it/images/free-robux-no-inspect-element.pdfIn PDF document text
    • http://eurocomes.com/images/guess-the-drawing-roblox-hack.pdfIn PDF document text
    • https://www.stkdb.cz/images/free-robux-on-roblox-easy-and-fast.pdfIn PDF document text
    • http://pdapanache.com/images/obby-games-on-roblox-free-online-games.pdfIn PDF document text
    • http://www.kalaaliaraq.dk/images/codes-to-get-free-robux-may.pdfIn PDF document text
    • http://www.fanciullovito.it/images/roblox-apocalypse-rising-spawn-hack-2021.pdfIn PDF document text
    • https://ai-appenzell.ch/images/how-to-get-free-robux-no-password.pdfIn PDF document text
    • http://stansabbiatura.com/images/all-of-the-hairs-that-are-for-free-on-roblox.pdfIn PDF document text
    • http://kids-academy.pl/images/como-crear-un-hack-para-roblox.pdfIn PDF document text
    • http://firesafetyservices.biz/images/roblox-lumber-tycoon-2-cheat-codes.pdfIn PDF document text
    • https://meltonschool.org/images/is-john-doe-a-hacker-in-roblox.pdfIn PDF document text
    • http://www.hawler.in/images/corrupt-roblox-torso-free-servers.pdfIn PDF document text
    • http://www.pro-futuro.eu/images/roblox-free-robux-deutsch-pc.pdfIn PDF document text
    • http://www.thecoffeebaron.co.za/images/free-roblox-scripts-for-studio.pdfIn PDF document text
    +20 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008380.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8380 25500 bytes
SHA-256: b764bfc2f408f5c1415d7e8f2108e6d25405e7edfdb6bef961bf8954bf62ef1e
font_01_sfnt_off0000bcbc.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBCBC 2844 bytes
SHA-256: baad2f3f6808f4af03fa9398e38c580c8d846f7f773a947d8cc1f39b2753d31a
font_02_sfnt_off0000c67d.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC67D 18268 bytes
SHA-256: 045492e516647a8b8f1c6f9287833e3580b65de17161b963319ed0e048b6eda1