PDF static analysis report

Static analysis result for SHA-256 608b61330e50629b…

SUSPICIOUS

PDF

59.8 KB Created: 2021-04-05 21:05:05 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: 5d45698ef636ef3fb174d375ebc528b6 SHA-1: 921400405ff4081a670d00a6f33de25c9e134416 SHA-256: 608b61330e50629b939e23ad1f73f8c9053c3a4d5246bd69474ad24778002109
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7417

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/roblox-mm2-cheats PDF link annotation
    • http://colegioluisamigo.cl/images/bot-group-hack-roblox.pdfIn PDF document text
    • http://www.visiblefilm.com/images/roblox-ripull-hacking.pdfIn PDF document text
    • https://gomsa.nl/images/roblox-hack-apk-mod.pdfIn PDF document text
    • http://moralcenter.or.th/images/free-robux-hack-promo-codes.pdfIn PDF document text
    • http://www.sapaengineering.kz/images/live-free-roblox-card.pdfIn PDF document text
    • http://rushxpress.de/images/who-is-the-best-hacker-in-roblox.pdfIn PDF document text
    • http://www.boic.nl/images/how-to-hack-roblox-for-robux-2021.pdfIn PDF document text
    • http://apostolosandreaslemesou.com/images/roblox-booga-booga-mojo-hack-weardevs.pdfIn PDF document text
    • https://www.audipec.com.br/images/roblox-com-free.pdfIn PDF document text
    • http://www.herbasacra.gr/images/roblox-speed-boats-free.pdfIn PDF document text
    • http://www.vktzunami.cz/images/hack-para-roblox-mathdrive-jailbreak.pdfIn PDF document text
    • http://zarinnameh.ir/images/how-to-make-free-shirts-on-roblox-with-asset-downloader.pdfIn PDF document text
    • http://mydevice.com.au/images/tradelands-roblox-hack.pdfIn PDF document text
    • http://halal-center.ru/images/roblox-jailbreak-unlimited-free-money-hack.pdfIn PDF document text
    • http://ferienhaus-summt.de/images/outfit-code-free-garcon-roblox.pdfIn PDF document text
    • https://www.yewtreealpacas.co.uk/images/como-hackear-cuenta-de-roblox-facil.pdfIn PDF document text
    • http://www.gongoff.com/images/roblox-robux-free-codes-2021.pdfIn PDF document text
    • http://telecomworld.pl/images/free-robux-admin.pdfIn PDF document text
    • http://beagles-of-harmony.de/images/xbox-john-roblox-free.pdfIn PDF document text
    • https://pa-waingapu.go.id/images/roblox-vip-hack-fashion.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/robux-free-robux-robux-robux-robux-robux-robux-robux.pdfIn PDF document text
    • http://www.zdravazena.sk/images/roblox-is-there-a-way-to-get-free-robux.pdfIn PDF document text
    • https://verdensbarn.no/images/free-gears-on-roblox.pdfIn PDF document text
    • https://www.audev.com/images/avatar-hacker-en-roblox.pdfIn PDF document text
    • http://www.rezbb.sk/images/roblox-cheat-2021.pdfIn PDF document text
    • http://ghegamethu.vn/images/how-to-get-free-robux-not-clickbait.pdfIn PDF document text
    • https://belixconstructions.com.au/images/all-free-robux-promo-codes.pdfIn PDF document text
    • https://beejekorf.nl/images/how-to-get-the-green-dragon-wings-roblox-for-free.pdfIn PDF document text
    • http://pdapanache.com/images/roblox-game-guide-tips-hacks-cheats-mods-apk-download.pdfIn PDF document text
    • http://seniornetwanganui.org.nz/images/how-to-get-stuffes-for-free-in-roblox.pdfIn PDF document text
    • http://www.gadanie.lv/images/roblox-cheating-youtube.pdfIn PDF document text
    • https://camillesplace.org/images/how-to-get-it-free-robux.pdfIn PDF document text
    • http://salantiskis.lt/images/hack-de-game-pass-para-horse-world-roblox.pdfIn PDF document text
    • https://ballaratcaravans.com.au/images/apocylopse-rising-roblox-hacks.pdfIn PDF document text
    • http://www.mikramarine.gr/images/robux-hack-no-survey-no-verification-2021.pdfIn PDF document text
    • http://adues.org/images/adopt-me-roblox-hack-gui-trolling.pdfIn PDF document text
    • http://intrasservices.com/images/site-hack-roblox.pdfIn PDF document text
    • https://verdensbarn.no/images/roblox-counter-blox-roblox-offensive-hacks-very-op.pdfIn PDF document text
    • http://arthakranti.org/images/how-do-i-get-free-robux-on-my-ipad.pdfIn PDF document text
    • http://www.adravietnam.org/images/roblox-spiel-free-robux-generator.pdfIn PDF document text
    • http://serviio.org/images/prisonbreak16-hack-script-roblox.pdfIn PDF document text
    • http://killebergsridsport.se/images/roblox-hack-jhon-doe.pdfIn PDF document text
    • https://itv-grabungen.de/images/notoriety-roblox-cheats.pdfIn PDF document text
    • https://www.u-pin-it.com/images/roblox-all-free-items-list.pdfIn PDF document text
    • http://canadatowers.com/images/daniel-refu10-free-gift-card-roblox.pdfIn PDF document text
    • http://www.gadanie.lv/images/roblox-noclip-cheat.pdfIn PDF document text
    • http://fotoclub3b.it/images/roblox-hacks-no-virus.pdfIn PDF document text
    • http://www.awakeningtruth.org/images/evil-face-roblox-free.pdfIn PDF document text
    • http://lepatrimoinedesvallees.fr/images/how-to-get-a-hacked-account-on-roblox.pdfIn PDF document text
    +13 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_004_off000086dc.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x86DC 28436 bytes
SHA-256: 1cdcef9f4aa2513a67cde0f15aa48a0c68550ce05a2099ae667aef20a22b9d18
font_01_sfnt_off0000c683.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC683 18128 bytes
SHA-256: 884bef3abce96cfcb44f734d82e9cb44766f2e548b8fb54c26bdcb92fac45841