PDF static analysis report

Static analysis result for SHA-256 583daeb152237da2…

SUSPICIOUS

PDF

56.9 KB Created: 2021-04-06 00:07:12 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-27
MD5: 87b3ac264497d48dcacd0a8b48b6a27a SHA-1: 3c9daaf06c06cd3d98c6a659f3768f491a099aea SHA-256: 583daeb152237da2fae9d3c33071418a824e33806e47b3b9f114ed4a63b1b532
36 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.007 JavaScript

The PDF document contains numerous URLs, with the primary one being http://gaminggenerator.org/app/431946152/roblox-mad-city-money-free, which is presented as a lure for free in-game currency. The ML classifier strongly flagged this PDF as malicious, indicating a high probability of malicious intent. Although no scripts were explicitly extracted, the presence of embedded URLs and the document's content suggest a phishing or scam attempt, likely delivered as a spearphishing attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9593

Heuristics 3

  • External URI info PDF_URI
    PDF contains an external URL action
  • PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/roblox-mad-city-money-free PDF link annotation
    • https://www.sitiwebjoomla.it/images/robux-hack-tips.pdfIn PDF document text
    • http://www.gadanie.lv/images/roblox-free-items-2021-codes.pdfIn PDF document text
    • http://eddieblum.nl/images/52-000-000-robux-free.pdfIn PDF document text
    • http://learningarabic.co.uk/images/roblox-give-tool-hack-pastebin.pdfIn PDF document text
    • http://kids-academy.pl/images/admin-commands-roblox-hack-script.pdfIn PDF document text
    • http://lllaw.eu/images/cheats-for-mega-gun-obby-roblox.pdfIn PDF document text
    • http://www.lionel-seppoloni.fr/images/free-robux-com-2021.pdfIn PDF document text
    • http://killebergsridsport.se/images/how-to-hack-srf-15-a-roblox.pdfIn PDF document text
    • https://gestionpatrimonial.net/images/roblox-com-how-to-get-free-robux.pdfIn PDF document text
    • http://zarinnameh.ir/images/free-girl-roblox-accounts-2021.pdfIn PDF document text
    • http://www.mikramarine.gr/images/how-to-make-a-cool-roblox-character-free.pdfIn PDF document text
    • https://www.cnte.org.br/images/my-boyfriend-cheated-on-me-with-his-ex-roblox.pdfIn PDF document text
    • http://schrichte.de/images/add-robux-free.pdfIn PDF document text
    • https://shimony.net/images/roblox-script-injector-2021-free.pdfIn PDF document text
    • http://facingachild.org/images/diamond-hack-roblox-royale-high.pdfIn PDF document text
    • http://cristalysoptic.com/images/free-robux-no-subscription.pdfIn PDF document text
    • https://www.hbproducts.dk/images/march-18-roblox-hack.pdfIn PDF document text
    • http://energotestcontrol.ru/images/how-to-enter-cheat-codes-in-roblox.pdfIn PDF document text
    • https://www.romedia.gr/images/how-to-hack-roblox-apocalypse-rising.pdfIn PDF document text
    • https://schaefer-rechtsanwaelte.com/images/robux-hack-download-pc-2021.pdfIn PDF document text
    • https://www.abrapppe.org.br/images/code-to-hack-robux.pdfIn PDF document text
    • http://www.marambio.com.ar/images/free-robux-in-roblox-2021.pdfIn PDF document text
    • http://kingmusic.pl/images/how-to-have-free-clothes-on-roblox.pdfIn PDF document text
    • http://asiasieja.pl/images/free-roblox-free-play.pdfIn PDF document text
    • https://www.apollowebdesign.in/images/robux-hack-html.pdfIn PDF document text
    • https://www.albisser.ch/images/roblox-robux-and-tix-hack-rtm-tool.pdfIn PDF document text
    • https://verdensbarn.no/images/free-simulator-roblox.pdfIn PDF document text
    • http://dorfgaragethalwil.ch/images/hacks-para-sinking-ship-roblox.pdfIn PDF document text
    • http://www.mosaikshop.at/images/rbxrocks-free-robux.pdfIn PDF document text
    • http://cristalysoptic.com/images/roblox-hack-get-unlimited-free-robux-generator-no-human-verification.pdfIn PDF document text
    • http://livebybuddhism.org/images/how-change-in-roblox-for-free.pdfIn PDF document text
    • http://www.gadanie.lv/images/what-free-program-for-roblox-shirts.pdfIn PDF document text
    • https://www.cpnf.ch/images/roblox-shinobi-origin-cheat.pdfIn PDF document text
    • https://www.cosmosdawn.net/images/free-roblox-alts.pdfIn PDF document text
    • http://www.ntc.edu.za/images/free-avater-maker-roblox.pdfIn PDF document text
    • https://www.porthos.it/images/how-to-quickly-get-80-robux-free.pdfIn PDF document text
    • https://www.manisoft.ir/images/fly-hack-roblox-no-cheat-engine-any-games.pdfIn PDF document text
    • http://homequeen.de/images/robux-for-free-quick-and-easy.pdfIn PDF document text
    • https://www.gvandenakker.nl/images/roblox-free-wings-code.pdfIn PDF document text
    • http://moralcenter.or.th/images/robux-hack-apple.pdfIn PDF document text
    • https://www.saisystem.it/images/how-to-get-free-robux-on-roblox-com.pdfIn PDF document text
    • http://domaizdereva24.ru/images/roblox-admin-hack-any-server-unpatched.pdfIn PDF document text
    • http://haertetechnik-steinbach.de/images/is-it-possible-to-get-robux-for-free.pdfIn PDF document text
    • http://jkcoaching.nl/images/treasure-hunt-roblox-hacks.pdfIn PDF document text
    • http://www.fluidtech.hu/images/how-to-change-your-username-on-roblox-for-free-2021.pdfIn PDF document text
    • http://cosver.eu/images/all-gamepasses-free-on-roblox-gitch.pdfIn PDF document text
    • http://www.maakherumusic.net/images/how-to-change-money-in-roblox-using-cheat-engine.pdfIn PDF document text
    • http://www.controverseinterapie.it/images/how-to-hack-roblox-mm2.pdfIn PDF document text
    • http://shootawayproduction.com/images/roblox-snow-shoveling-simulator-free-santa-bag.pdfIn PDF document text
    +2 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008250.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8250 25712 bytes
SHA-256: 7eeee04dd6abab4a7b6e58c69d66c08c65073d2c34aa6d56d0c0fa31940d3ccf
font_01_sfnt_off0000bd01.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBD01 18344 bytes
SHA-256: a403ad9cbf49cc62a9e3b7ca1ee529583b96fd9ff9841212a780fcd27ef2476c