PDF static analysis report

Static analysis result for SHA-256 5f70f6a23b8524c9…

SUSPICIOUS

PDF

61.1 KB Created: 2021-04-05 20:01:44 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-05
MD5: 7a38889a5549016ded13fe7e7291d1c4 SHA-1: a483f49e157eafc1dc56173cebfbb93e276b2439 SHA-256: 5f70f6a23b8524c96171a35a2aff80f458098330038eb77611067a044718b4c9
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.007 JavaScript

The PDF document contains multiple embedded URLs and a prominent call-to-action related to downloading a 'Roblox Hack'. The ML classifier also flagged the PDF as malicious. While no scripts were directly extracted, the presence of external links suggests an attempt to redirect the user to a malicious site for downloading potentially harmful software.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/roblox-hack-download-apocalypse-rising PDF link annotation
    • https://gomsa.nl/images/top-10-roblox-groups-for-free-robux.pdfIn PDF document text
    • http://axia-verlag.at/images/is-free-robux-fake.pdfIn PDF document text
    • https://meltonschool.org/images/free-robux-guide.pdfIn PDF document text
    • http://www.friendshiptransport.net/images/free-robux-no-survey-no-download-2021-ios.pdfIn PDF document text
    • https://www.essentracomponents.com.my/images/how-to-change-your-health-on-roblox-with-cheat-engine.pdfIn PDF document text
    • http://bkd1.balikpapan.go.id/images/how-to-hack-roblox-accounts-passwords-2021.pdfIn PDF document text
    • https://www.ncscolour.no/images/free-robux-hack-by-justin-master.pdfIn PDF document text
    • http://britishcomics.com/images/free-roblox-jailbreak.pdfIn PDF document text
    • http://dos.most.gov.la/images/how-to-hack-in-boku-no-roblox.pdfIn PDF document text
    • https://www.hbproducts.dk/images/roblox-robux-generator-free-robux.pdfIn PDF document text
    • http://bullyinformate.org/images/free-military-costume-roblox.pdfIn PDF document text
    • https://www.cfdcnv.com/images/javascript-robux-free.pdfIn PDF document text
    • https://www.millatgears.com/images/9-legit-ways-to-get-free-robux.pdfIn PDF document text
    • http://nosocomium.rv.ua/images/roblox-bloxburg-free-100k.pdfIn PDF document text
    • https://www.cpnf.ch/images/free-roblox-boy-hair-not-a-model.pdfIn PDF document text
    • https://corbo.ru/images/adopt-me-pets-roblox-how-to-get-free-bucks.pdfIn PDF document text
    • http://autenticohostalsalou.com/images/roblox-hacks-with-windows-8.pdfIn PDF document text
    • http://www.kalaaliaraq.dk/images/get-free-server-host-roblox-got-talent.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/black-adidas-t-shirt-roblox-free.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/hack-para-texting-simulator-roblox-bitoneum.pdfIn PDF document text
    • http://dos.most.gov.la/images/roblox-booga-booga-cheat-engine-how-to-get-unlimited-essence.pdfIn PDF document text
    • https://waterpark.by:443/images/how-to-get-free-stuff-in-dungeon-quest-roblox.pdfIn PDF document text
    • http://www.fluidtech.hu/images/roblox-robux-hack-2021-october.pdfIn PDF document text
    • https://www.wildpark-johannismuehle.de/images/roblox-jailbreak-noclip-hack-download.pdfIn PDF document text
    • http://bibliotheque-perrigny-les-dijon.fr/images/paypal-roblox-hack.pdfIn PDF document text
    • http://www.web.stc-part.co.th/images/how-to-hack-an-abandoned-roblox-account.pdfIn PDF document text
    • http://yioipzafeiri.gr/images/free-robux-apk-extension.pdfIn PDF document text
    • https://www.gymun.cz/images/roblox-script-injector-free.pdfIn PDF document text
    • http://mechanism.gr/images/how-to-get-offsale-stuff-on-roblox-free.pdfIn PDF document text
    • https://semanasantacehegin.com/images/can-cheat-engine-get-you-banned-roblox.pdfIn PDF document text
    • https://gafaseo.com/images/roblox-free-admin-script-pastebin.pdfIn PDF document text
    • http://jointworkstudio.com/images/roblox-flood-escape-cheats.pdfIn PDF document text
    • http://www.fanciullovito.it/images/hack-to-join-flamingo-in-roblox.pdfIn PDF document text
    • https://www.hbproducts.dk/images/hack-roblox-reddit.pdfIn PDF document text
    • http://www.htc.edu.au/images/free-robux-codes-no-verification-2021.pdfIn PDF document text
    • http://eddegrootassurantien.nl/images/how-to-get-free-clothes-no-robux-of-freinds.pdfIn PDF document text
    • https://bdsm-centrum.com/images/how-to-get-2021-robux-for-free-no-hacks.pdfIn PDF document text
    • http://ims-77.fr/images/roblox-hack-links.pdfIn PDF document text
    • http://moto98.com/images/how-to-get-robux-easy-hack.pdfIn PDF document text
    • http://internetdeputy.com/images/free-perm-admin-roblox.pdfIn PDF document text
    • http://lechia-sedziszow.pl/images/roblox-noclip-hack-download-jailbreak.pdfIn PDF document text
    • http://androidthai.in.th/images/how-can-i-get-robux-free.pdfIn PDF document text
    • http://www.lascalamilanowallcovering.it/images/roblox-any-game-hack-download.pdfIn PDF document text
    • http://iluvlocalplaces.com/images/how-hack-roblox-games.pdfIn PDF document text
    • http://svp-steinmaur.ch/images/omega-roblox-hack.pdfIn PDF document text
    • http://talkingbudgie.com/images/roblox-accounts-for-sale-free.pdfIn PDF document text
    • http://greasley.online/images/robux-hack-2021-fluxx.pdfIn PDF document text
    • http://goosesscuba.com/images/roblox-hack-fr-pc.pdfIn PDF document text
    • http://www.hawler.in/images/rob-hacker-robux-generator.pdfIn PDF document text
    +18 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008459.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8459 25144 bytes
SHA-256: 398b3f717f2935126250e29fa93708d6ba0a2903a046f9ff6a61d565d62a654f
font_01_sfnt_off0000bc45.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBC45 3884 bytes
SHA-256: 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf
font_02_sfnt_off0000c8ec.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC8EC 19024 bytes
SHA-256: 67404e9d36a5449fb519f7cae859c2ad6a84bdb29b67ce6d72d80d023584f3d5