PDF static analysis report

Static analysis result for SHA-256 5416042d43b07ac6…

Verdict: SUSPICIOUS

File type: PDF

Size: 60.2 KB
Created: 2021-04-05 19:43:06 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: a76b57f0878c58b1a18e9637b6a4b7c4
SHA-1: 1601331d687de96441edbe61ea900bb50ba57b21
SHA-256: 5416042d43b07ac64b0766c432d8db7c7eba681fb7e0432398e1508642871bbe
Risk score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a clear call-to-action to download a "Hack Roblox Lumber Tycoon 2" tool from a provided URL, reachable through a clickable link annotation. No scripts (JavaScript or automatic actions) were extracted, so the document itself carries no executable stage; the malicious workflow, if any, begins only when the user follows the link, with a secondary payload served by the linked site. The ML classifier score is marginal (0.5391, just above 0.5) and the risk score reflects that, so the verdict rests mainly on the content: the embedded URLs follow one template (/images/<roblox-keyword>.pdf) across dozens of unrelated third-party domains, which is consistent with mass-generated lure documents planted on many sites rather than with a legitimate document. Content and structure are consistent with a phishing or malware-distribution lure; the link-annotation URL is the indicator to block and pivot on.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5391

Heuristics (3)

  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs (channel in brackets):
    • http://gaminggenerator.org/app/431946152/download-hack-roblox-lumber-tycoon-2 [PDF link annotation]
    • http://vagency.us/images/roblox-free-wings-avatar.pdf [PDF document text]
    • https://komakinosite.jp/images/roblox-code-free.pdf [PDF document text]
    • https://www.wildpark-johannismuehle.de/images/free-injector-roblox-hacks.pdf [PDF document text]
    • https://www.eglihotel.gr/images/how-to-get-2021202120212021-robux-for-free.pdf [PDF document text]
    • http://www.hawler.in/images/dll-hack-roblox-phantom-forces.pdf [PDF document text]
    • http://legs11.co.za/images/hacks-para-roblox-aimbot-en-strucid.pdf [PDF document text]
    • http://www.elis-strechy.cz/images/how-to-get-free-admin-on-roblox-hack.pdf [PDF document text]
    • http://www.isril.it/images/how-to-fix-a-hacked-roblox-game.pdf [PDF document text]
    • http://gops.pruszczgdanski.pl/images/site-fxcker-roblox-hack.pdf [PDF document text]
    • http://www.comitatoiseo.org/images/how-to-get-free-robux-inspect-element-2021.pdf [PDF document text]
    • https://socialvalue.gr/images/roblox-laser-tycoon-cheats.pdf [PDF document text]
    • https://www.fhccu.com/images/free-red-hair-in-roblox.pdf [PDF document text]
    • http://wcasrock.org/images/roblox-highschool-hack-script-pastebin-money.pdf [PDF document text]
    • http://jdlwealth.com/images/star-code-roblox-hack.pdf [PDF document text]
    • http://daksz.hu/images/how-to-get-free-audio-jailbreak-roblox.pdf [PDF document text]
    • https://bapalaye.org/images/hacking-of-roblox-accounts.pdf [PDF document text]
    • http://jugendfeuerwehr-scheinfeld.de/images/how-to-hack-on-roblox-with-cheat-engine.pdf [PDF document text]
    • http://www.beged.at/images/pastebin-roblox-hack-script.pdf [PDF document text]
    • http://internetdeputy.com/images/clicksfly-free-robux.pdf [PDF document text]
    • http://www.sapaengineering.kz/images/free-roblox-game-stolen.pdf [PDF document text]
    • http://echosvoix.ch/images/how-to-free-robux-ad.pdf [PDF document text]
    • http://behsanroshd.com/images/download-free-cool-roblox-outfits-for-man.pdf [PDF document text]
    • http://kruiz21.ru/images/roblox-speed-hack-june-1-2021.pdf [PDF document text]
    • http://gremihostaleria.cat/images/roblox-grand-blox-auto-money-cheat.pdf [PDF document text]
    • http://www.rezbb.sk/images/roblox-elemental-battlegrounds-hacks-win10-2021.pdf [PDF document text]
    • http://medimacs.eu/images/how-to-get-the-antine-villa-roblox-free.pdf [PDF document text]
    • http://agrupamentoescolas-alfredo-da-silva.com/images/roblox-hack-2021-robux-download.pdf [PDF document text]
    • https://osk-sibir.ru/images/roblox-money-hack-mad-city-2021-safe.pdf [PDF document text]
    • http://www.evaplast.by/images/nike-t-shirt-roblox-free.pdf [PDF document text]
    • https://servotecnica.com/images/how-to-get-free-robux-in-meep-city.pdf [PDF document text]
    • http://smart-pro.co.uk/images/cheat-roblox-mad-city-money.pdf [PDF document text]
    • http://salantiskis.lt/images/pastebin-free-robux-no-waiting.pdf [PDF document text]
    • https://osk-sibir.ru/images/robux-live-stream-hack.pdf [PDF document text]
    • http://cleanteclogistics.com/images/start-earning-free-robux-today.pdf [PDF document text]
    • http://nosocomium.rv.ua/images/roblox-cheats-uhrzeit-ndern.pdf [PDF document text]
    • http://rafaelmontesinos.com/images/robux-hack-android-no-verification.pdf [PDF document text]
    • https://www.sauvonsleclimat.org/images/how-do-you-get-tickets-on-roblox-for-free.pdf [PDF document text]
    • http://the-specials.ch/images/roblox-hack-999999-robux-pc-2021-august.pdf [PDF document text]
    • https://www.wijhalenhetop.nl/images/mega-hack-roblox.pdf [PDF document text]
    • http://aistplus.ru/images/roblox-sword-simulator-power-hack.pdf [PDF document text]
    • http://uptodate.az/images/how-to-hack-the-swat-clothes-in-roblox.pdf [PDF document text]
    • http://soma.com.ua/images/desc-this-obby-will-get-you-free-robux-without-password.pdf [PDF document text]
    • http://gops.pruszczgdanski.pl/images/freer-robux-codes.pdf [PDF document text]
    • http://instrutech.co.th/images/how-to-change-your-username-on-roblox-for-free.pdf [PDF document text]
    • https://gzog.pl/images/roblox-bc-free-trial.pdf [PDF document text]
    • http://eventgo.fr/images/free-promo-codes-for-roblox-clothes.pdf [PDF document text]
    • http://cosver.eu/images/free-redeem-code-roblox.pdf [PDF document text]
    • http://famoirs.co.uk/images/free-roblox-mobile-app.pdf [PDF document text]
    • http://76remont-kvartir.ru/images/roblox-free-robux-gift-card-codes.pdf [PDF document text]
    +12 more URL(s)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: stream_003_off0000821a.bin
  Kind: decompressed-pdf-stream
  Source: PDF FlateDecoded stream at offset 0x821A
  Size: 25616 bytes
  SHA-256: 0b1b24c48ee21c96b524d9a79e94f2ddf80482acc63b49babb31f0e6d7ea4d5b

Filename: font_01_sfnt_off0000bbc9.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xBBC9
  Size: 2832 bytes
  SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2

Filename: font_02_sfnt_off0000c579.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xC579
  Size: 18928 bytes
  SHA-256: ede96f4893a15112829597013196fc75871b4f6d86a3d9f47b3b247e21ad5286
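The per-URL channel labels in the EMBEDDED_URL heuristic (link annotation versus document text) and the carved FlateDecode stream in the artifact table come from one walk over the file, and that walk is worth seeing in full: a URL reachable from a clickable /URI action is a different finding from a URL that merely appears in page text. The script below is an added example, not code from this report's tooling. It builds a constructed, minimal PDF (one link annotation whose /URI is the download URL from the list above, one FlateDecode content stream whose text contains two more of the listed URLs), then extracts /URI actions, inflates each FlateDecode stream, records its data offset, decompressed size and SHA-256 as the artifact table does, and scans the inflated text for URLs. The sample PDF, the regex-based object walk and the channel labels are assumptions for illustration; a production tool uses a real object parser, since this one ignores indirect /Length references, string escapes, object streams and every filter other than FlateDecode.

```python
import hashlib
import re
import zlib

# Constructed sample (assumption, not bytes from the analysed file): one page with a
# /Link annotation carrying a /URI action, plus one FlateDecode content stream whose
# visible text contains two more URLs. The URLs are taken from the report's own list.
LINK_URL = b"http://gaminggenerator.org/app/431946152/download-hack-roblox-lumber-tycoon-2"
BODY_TEXT = (
    b"BT /F1 12 Tf 72 700 Td "
    b"(Click here to download http://vagency.us/images/roblox-free-wings-avatar.pdf "
    b"or https://komakinosite.jp/images/roblox-code-free.pdf) Tj ET"
)


def build_sample_pdf() -> bytes:
    """Assemble a minimal PDF body (no xref table; enough for the walk below)."""
    content = zlib.compress(BODY_TEXT)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content)
        + content + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (" + LINK_URL + b") >> >>",
    ]
    out = b"%PDF-1.4\n"
    for num, body in enumerate(objs, 1):
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# /URI action anywhere in the file. Assumption: in this sample the only URI action
# hangs off a link annotation; a full parser walks /Annots and flags /OpenAction too.
URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")
# "N G obj <<dict>> stream": tempered dot so the dict cannot run past an endobj.
STREAM_OBJ = re.compile(rb"(\d+)\s+\d+\s+obj\s*(<<(?:(?!endobj).)*?>>)\s*stream\r?\n", re.S)
DIRECT_LENGTH = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")   # skips "/Length 6 0 R"
URL_IN_TEXT = re.compile(rb"https?://[^\s()<>]+")


def analyze_pdf(data: bytes) -> dict:
    """Return URLs tagged with the channel that reached them, plus carved streams."""
    urls, streams = [], []
    for m in URI_ACTION.finditer(data):
        urls.append((m.group(1).decode("latin-1"), "PDF link annotation"))
    for m in STREAM_OBJ.finditer(data):
        obj_num, header = int(m.group(1)), m.group(2)
        start = m.end()                          # first byte of the stream data
        length = DIRECT_LENGTH.search(header)
        if length:
            raw = data[start:start + int(length.group(1))]
        else:                                    # indirect /Length: fall back to keyword
            end = data.find(b"endstream", start)
            if end < 0:
                continue
            raw = data[start:end].rstrip(b"\r\n")
        if b"/FlateDecode" not in header:
            continue                             # other filters are out of scope here
        try:
            body = zlib.decompress(raw)
        except zlib.error:
            continue                             # truncated or corrupt streams are common
        streams.append({
            "object": obj_num,
            "offset": start,
            "size": len(body),                   # decompressed size, as in the table
            "sha256": hashlib.sha256(body).hexdigest(),
        })
        for u in URL_IN_TEXT.findall(body):
            urls.append((u.decode("latin-1"), "PDF document text"))
    return {"urls": urls, "streams": streams}


if __name__ == "__main__":
    result = analyze_pdf(build_sample_pdf())
    for url, channel in result["urls"]:
        print(f"{url}  [{channel}]")
    for s in result["streams"]:
        print(f"obj {s['object']}: FlateDecode stream at offset {s['offset']:#x}, "
              f"{s['size']} bytes, SHA-256 {s['sha256']}")
```

Running the script prints the three URLs with their channels and one carved stream. The point of keeping the channel attached to each URL is triage: a URL in a /URI action is what a click will actually fetch and is the one to block, while URLs that only sit in page text are lure content and, as the heuristic says, not a detection on their own.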