Malicious PDF — malware analysis report

Static analysis result for SHA-256 64064a7d91366122…

MALICIOUS

PDF

52.4 KB Created: 2021-04-06 15:21:37 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: 4685de3519259c02570d3da71ebdcca4 SHA-1: 1dc2c35173cc72a2c9c6584d5173d0345ae731ea SHA-256: 64064a7d91366122ea5324f59f8cd3bb052ef2a22d6230bff98e2cdd9861c763
82 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple links and a lure for game hacks, specifically targeting Roblox. The primary link redirects to 'enigmagenerator.com', which is flagged as a malicious lure. While no scripts were directly extracted, the PDF structure and embedded links suggest an attempt to redirect users to potentially malicious content or downloads, likely as part of a phishing or scam campaign.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8852

Heuristics 4

  • PDF links to a 'free generator / game hack' redirector high PDF_GAME_HACK_REDIRECT_LURE
    PDF's clickable action targets a redirector of the form /app/<id>/<slug>-game-hack — the landing-page shape of a large SEO 'free spins / generator / game hack' lure family that funnels victims through rotating disposable hosts to a malware/scam payload. The multi-link variants also trip ML/link-farm rules; this catches the single-link variants that otherwise score clean.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://enigmagenerator.com/app/431946152/roblox-game-hack PDF link annotation
    • http://www.eptaviation.com/images/free-roblox-items-pastebin.pdfIn PDF document text
    • http://caraless.com/images/roblox-meep-city-free-coins.pdfIn PDF document text
    • https://www.hbproducts.dk/images/gears-online-rpg-roblox-hack.pdfIn PDF document text
    • http://truebibleteaching.com/images/rc8-roblox-hack-download.pdfIn PDF document text
    • http://iricamidelcuore.it/images/roblox-steves-one-piece-hack-gui.pdfIn PDF document text
    • http://addair.co.uk/images/free-robux-no-server.pdfIn PDF document text
    • https://www.mvp.co.nz/images/hack-denisdaily-roblox-account.pdfIn PDF document text
    • http://chartsmart.com.au/images/roblox-deadzone-hack.pdfIn PDF document text
    • http://santjoandelesabadesses.cat/images/how-to-get-free-clothes-from-catalog-roblox.pdfIn PDF document text
    • http://www.web.stc-part.co.th/images/roblox-explorer-hack-script-pastebin-2021.pdfIn PDF document text
    • http://aistplus.ru/images/how-get-free-clothes-in-roblox.pdfIn PDF document text
    • http://hotel-buta.by/images/cheat-for-roblox-anime-fight-simulator.pdfIn PDF document text
    • http://abqwinair.com/images/free-roblox-accounts-with-passwords-2021.pdfIn PDF document text
    • http://aadvanderklaauw.nl/images/roblox-free-undertale-clothes.pdfIn PDF document text
    • http://pia2000.net/images/how-can-i-get-every-item-on-roblox-for-free.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/how-to-hack-in-any-roblox-account-2021.pdfIn PDF document text
    • http://kfz-werkstatt-etp.de/images/how-to-get-free-robux-2021.pdfIn PDF document text
    • http://medicalafrica.net/images/free-robux-codes-live.pdfIn PDF document text
    • http://rosadent.com/images/free-promo-codes-roblox-2021-june.pdfIn PDF document text
    • http://ambingenieria.com/images/roblox-update-download-free.pdfIn PDF document text
    • http://aistplus.ru/images/giftcards-roblox-free.pdfIn PDF document text
    • https://newenglandafs.com/images/free-robux-generator-2021-no-survey.pdfIn PDF document text
    • http://www.copoint.co.uk/images/how-to-cheat-in-unboxing-simulator-roblox.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/roblox-vehicle-simulator-money-hack-2021.pdfIn PDF document text
    • http://www.marambio.com.ar/images/free-robux-no-human-verification-or-scams.pdfIn PDF document text
    • http://brusivojimi.com/images/how-to-cheat-script-roblox.pdfIn PDF document text
    • http://mmech.com/images/cheats-for-roblox-rocitizens.pdfIn PDF document text
    • http://escolaarboc.cat/images/roblox-groups-that-give-free-robux.pdfIn PDF document text
    • http://www.pacoestrada.it/images/roblox-phantom-forces-hack-no-virus.pdfIn PDF document text
    • https://socialvalue.gr/images/how-do-you-get-lots-of-robux-for-free.pdfIn PDF document text
    • http://junktiquecollector.com/images/2021-bt-hack-for-roblox.pdfIn PDF document text
    • https://www.elevage-chiot.fr/images/youtube-free-robux-live.pdfIn PDF document text
    • http://www.sanjosedeminas.gob.ec/images/framed-roblox-hacks.pdfIn PDF document text
    • http://www.lionel-seppoloni.fr/images/roblox-shinobi-life-cheat-engine-spins.pdfIn PDF document text
    • http://fotoflas.gr/images/me-han-hackearon-roblox.pdfIn PDF document text
    • https://pompesfunebresleveque.fr/images/free-robux-and-tix-app.pdfIn PDF document text
    • http://technologicalsc.com/images/roblox-apple-store-tycoon-free-money.pdfIn PDF document text
    • http://pacatuamigo.com/images/free-robux-hack-no-verification-no-survey.pdfIn PDF document text
    • https://www.prodex-holz.cz/images/v3rmillion-hacks-roblox-treasure-quest.pdfIn PDF document text
    • http://grand-ural74.ru/images/roblox-phantom-forces-hack-june-2021.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/brick-cars-roblox-cheat-codes.pdfIn PDF document text
    • http://eltisstudio.sk/images/how-to-hack-prison-life-20-roblox.pdfIn PDF document text
    • http://ltdirect.co.uk/images/robloxcom-jailbreak-hack.pdfIn PDF document text
    • https://roberto-gac.com/images/free-verify-email-roblox.pdfIn PDF document text
    • http://poltekkeskhjogja.ac.id/images/download-cheat-engine-64-roblox.pdfIn PDF document text
    • http://www.dimalcco.com/images/get-free-robux-skin-tone.pdfIn PDF document text
    • http://www.rezbb.sk/images/how-to-get-bloxburg-for-free-on-roblox.pdfIn PDF document text
    • http://ferienwohnung-walker.de/images/hack-para-roblox-jailbreak.pdfIn PDF document text
    • http://solidcommunication.ch/images/antlers-roblox-free.pdfIn PDF document text
    +12 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00006ce5.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x6CE5 26544 bytes
SHA-256: 2f564852051968ef5a0267922a9f8788754b66bf6b645da7aa4f9aa3cbe38cd7
font_01_sfnt_off0000a793.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xA793 18740 bytes
SHA-256: 7f5cd649e74c9f83ad007e4b3b540fc8695284e8fd8f8c595e5cbb331f2a10fe

Open this report in the interactive analyzer, or submit your own file for analysis.