PDF static analysis report

Static analysis result for SHA-256 53d0f30c64707a00…

SUSPICIOUS

PDF

58.3 KB Created: 2021-04-05 21:15:16 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-01
MD5: 2de1287427a1750c5f414ccc706af6e9 SHA-1: 8553a68b6c3bfadc69af2941d53204ff322aa778 SHA-256: 53d0f30c64707a003b8fbe627fa817b4719c1edb2f8fb8fd52b2ca0c6d58c407
36 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 User Execution: Malicious Link

The PDF document contains numerous links related to hacking and obtaining free currency for the game Roblox. The document body explicitly mentions 'Como Hackear Robux En Roblox Facil Y Rapido En Celular', indicating a lure for users interested in game exploits. The ML classifier flagged this PDF as malicious with a high probability, and the presence of many external URIs further supports a malicious intent to redirect users to potentially harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9593

Heuristics 3

  • External URI info PDF_URI
    PDF contains an external URL action
  • PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/como-hackear-robux-en-roblox-facil-y-rapido-en-celular PDF link annotation
    • http://goldwing-shop.ru/images/youtube-roblox-jailbreak-hack-keycard.pdfIn PDF document text
    • http://kermas.eu/images/roblox-online-hack-tool.pdfIn PDF document text
    • https://verdensbarn.no/images/roblox-cheat-engine-change-stat.pdfIn PDF document text
    • http://domaizdereva24.ru/images/roblox-free-robux-no-human-verification-2021.pdfIn PDF document text
    • http://reggieslockandkey.com/images/wanna-join-my-free-giftcard-giveaway-roblox-id.pdfIn PDF document text
    • http://parkinsononline.com/images/hack-vip-roblox.pdfIn PDF document text
    • http://glaubensfragen.org/images/how-to-get-free-robux-for-pc-2021.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/roblox-hack-apk-2021.pdfIn PDF document text
    • http://fradiomas.com/images/free-cerberus-roblox.pdfIn PDF document text
    • http://ernstgloves.co.il/images/roblox-dubliezieren-hack.pdfIn PDF document text
    • https://masseymotorcars.com/images/comment-acheter-des-robux-avec-une-carte-hacker.pdfIn PDF document text
    • https://studentcareerinfo.com/images/free-roblox-cocdes.pdfIn PDF document text
    • https://koeltotaal.com/images/i-hacked-deines-daily-roblox.pdfIn PDF document text
    • http://portal.crfsp.org.br/images/cheat-engine-roblox-super-speed.pdfIn PDF document text
    • http://centuriatus.com/images/roblox-hack-2021-free-download.pdfIn PDF document text
    • http://drentklubben.se/images/free-robux-30.pdfIn PDF document text
    • http://ff-obertraun.at/images/how-to-get-free-robux-no-hack-april-2021.pdfIn PDF document text
    • http://a1scan3d.com/images/hack-peoples-accounts-roblox.pdfIn PDF document text
    • http://santjoandelesabadesses.cat/images/v3rmillion-free-roblox-exploits.pdfIn PDF document text
    • http://bagna.pl/images/how-to-how-to-get-free-robux.pdfIn PDF document text
    • http://prodent.com.ua/images/free-robux-computer-2021.pdfIn PDF document text
    • https://www.eglihotel.gr/images/hack-para-tener-robux-2021.pdfIn PDF document text
    • http://poltekkeskhjogja.ac.id/images/free-cool-tshirt-roblox.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/free-account-roblox-2021.pdfIn PDF document text
    • http://osteonad.com/images/roblox-explorer-hack-script-pastebin-2021.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/cheat-codes-for-roblox-mad-paint-ball-2.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/how-to-find-out-who-hacked-your-roblox.pdfIn PDF document text
    • https://www.lomrad.go.th/images/free-robux-just-watch-ads.pdfIn PDF document text
    • http://www.imperialaccountingfl.com/images/how-do-u-become-a-hacker-in-roblox.pdfIn PDF document text
    • http://moto98.com/images/how-to-get-fre-robux-inspect-element-not-fake.pdfIn PDF document text
    • http://www.imperialaccountingfl.com/images/free-ranked-roblox.pdfIn PDF document text
    • https://www.porthos.it/images/how-do-doload-hacks-in-roblox.pdfIn PDF document text
    • http://gods-own.org/images/roblox-cheats-for-dead-rising-2.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/roblox-how-to-get-free-robux-2021-no-hack.pdfIn PDF document text
    • http://cleanteclogistics.com/images/roblox-build-a-boat-for-treasure-hack-2021.pdfIn PDF document text
    • http://britishcomics.com/images/hack-script-download-roblox.pdfIn PDF document text
    • http://shootawayproduction.com/images/gamecheat-us-roblox-hack.pdfIn PDF document text
    • https://masseymotorcars.com/images/can-you-sell-shirts-for-free-in-roblox.pdfIn PDF document text
    • https://www.porthos.it/images/todos-los-hacks-de-check-casher-v3-roblox-prision-life.pdfIn PDF document text
    • http://alpen-seeblick.at/images/roblox-wild-revolvers-hack.pdfIn PDF document text
    • https://seedungo.com/images/dss-roblox-money-hacks.pdfIn PDF document text
    • https://www.milewood.co.uk/images/how-to-hack-dantdm-on-roblox-and-give-robux.pdfIn PDF document text
    • http://mydevice.com.au/images/roblox-how-to-be-copletely-white-free.pdfIn PDF document text
    • https://www.albisser.ch/images/free-roblox-levels.pdfIn PDF document text
    • http://safari-crimea.com/images/cheat-engine-trainers-for-roblox-list.pdfIn PDF document text
    • http://kruiz21.ru/images/free-roblox-gift-card-code-generator-2021.pdfIn PDF document text
    • http://bufbd.org/images/roblox-cheat-dll-phantom-forces.pdfIn PDF document text
    • https://www.laarsenco.nl/images/cheat-roblox-offensive.pdfIn PDF document text
    • https://sectorpravdy.com/images/how-to-earn-free-robux-in-roblox.pdfIn PDF document text
    +2 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008557.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8557 26240 bytes
SHA-256: 8674a4a3a179fc50cc30ad3bca3296b2b07b1501b16949b74f5b4c030535e146
font_01_sfnt_off0000c11f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC11F 18912 bytes
SHA-256: dc7a8d03330f174c8c319c1a904859ca4f67f554cd10d52df2738e61ea08170e