PDF static analysis report

Static analysis result for SHA-256 683309505bac292e…

SUSPICIOUS

Type: PDF
Size: 39.7 KB
Created: 2021-04-25 22:15:49 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 61fb948e1629e44ce8c6728e93bcad87
SHA-1: c4440a2f6301ad7d10bcb9fe739468d44ce0d00f
SHA-256: 683309505bac292e1d4da5351cae2e888061a5900f6b8c9f9e3562e0b15c86c2
Risk score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document contains multiple URLs related to Roblox hacks and free in-game currency. The one reached through a link annotation (the netcdn.xyz download URL) is the likely payload channel; the remaining URLs appear only as plain text in the document body. The ML classifier strongly flagged this PDF as malicious, and the combination of embedded URLs and a call-to-action button is consistent with phishing or malware distribution. No scripts or other active content were extracted, so the document itself is a social engineering lure rather than an exploit: the actual risk is whatever the linked URL serves, which this static pass does not fetch.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9941

Heuristics (3)

  • Visual download / call-to-action button lure  [low]  SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
  • External URI  [info]  PDF_URI
    PDF contains an external URL action
  • Embedded URL  [info]  EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL  (channel)
    • https://netcdn.xyz/app/431946152/free-robux-and-v-bucks-game-hack  (PDF link annotation)
    • https://lib-stie.yai.ac.id/repository/roblox-free-limited-faces.pdf  (in PDF document text)
    • https://lib-stie.yai.ac.id/repository/how-to-hack-roblox-2021-easy.pdf  (in PDF document text)
    • https://lib-stie.yai.ac.id/repository/infini-speed-roblox-cheat.pdf  (in PDF document text)
    • https://lib-stie.yai.ac.id/repository/best-and-easiest-roblox-hack-for-robux.pdf  (in PDF document text)
    • https://lib-stie.yai.ac.id/repository/free-robux-generator-kid-friendly.pdf  (in PDF document text)
    • https://lib-stie.yai.ac.id/repository/cheat-robux-cheat-engine.pdf  (in PDF document text)
    • https://lib-stie.yai.ac.id/repository/how-to-get-free-robux-jefftec.pdf  (in PDF document text)
    • https://lib-stie.yai.ac.id/repository/descargar-roblox-hackeado-con-robux.pdf  (in PDF document text)
    • https://lib-stie.yai.ac.id/repository/roblox-backdoor-gamez-to-hack.pdf  (in PDF document text)
    • https://lib-stie.yai.ac.id/repository/free-promotional-codes-roblox.pdf  (in PDF document text)
    • http://en.wikipedia.org/wiki/MIT_License  (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                        Kind                      Source                                        Size
stream_003_off00003f57.bin      decompressed-pdf-stream   PDF FlateDecoded stream at offset 0x3F57      25680 bytes
  SHA-256: 564161e39ee4e3d7c911f6d25c79222952803269a5256f4584f30d6df9eb9ded
font_01_sfnt_off000078da.bin    pdf-font-stream           PDF embedded font (sfnt) at offset 0x78DA     18492 bytes
  SHA-256: 341237ee0cf3f94e346ddfd4ff78ffffcb4398da41f3e02ff00d295f553e4aa5
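The following script is an added example, not the analysis engine that produced this report. It shows how the three heuristics above (PDF_URI from a link annotation's /URI action, EMBEDDED_URL from URLs in decompressed page text, SE_DOWNLOAD_BUTTON from a call-to-action phrase) and the FlateDecode stream carving in the artifacts table can be reproduced with the standard library alone. It builds a small constructed PDF in memory so it runs offline; the URLs, the CTA phrase and the function names are all made up for the example and are not taken from the sample analysed here.

```python
"""Reproduce the report's URL-channel heuristics and stream carving on a PDF.

Added example, not the report's own tooling. The sample PDF, its URLs and the
call-to-action phrase are constructed here so the script runs offline.
"""
import hashlib
import re
import zlib

URL_RE = re.compile(rb"https?://[^\s()<>\"']+")
CTA_PHRASES = (b"click here to download", b"download now", b"free download")

# Constructed page content: one CTA phrase plus two URLs in the body text.
SAMPLE_CONTENT = (
    b"BT /F1 12 Tf 72 700 Td "
    b"(Click here to download: https://example.invalid/app/free-hack) Tj "
    b"0 -20 Td (See http://en.wikipedia.org/wiki/MIT_License) Tj ET"
)
SAMPLE_LINK_URI = b"https://example.invalid/download"  # hypothetical lure target


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_pdf() -> bytes:
    """Assemble a minimal valid PDF: one page, one Flate-compressed content
    stream and one /Link annotation whose /A action is a /URI."""
    packed = zlib.compress(SAMPLE_CONTENT)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed)
        + packed + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (" + SAMPLE_LINK_URI + b") >> >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objs) + 1, xref_at)
    return bytes(out)


def carve_flate_streams(pdf: bytes):
    """Carve every stream whose object dictionary names /FlateDecode and inflate
    it. Offsets are those of the first data byte, as in the artifacts table.
    A real carver would honour /Length; this regex trusts the endstream marker."""
    found = []
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", pdf, re.S):
        head = pdf[:m.start()]
        dict_text = head[head.rfind(b" obj"):]  # dictionary of the owning object
        if b"/FlateDecode" not in dict_text:
            continue
        try:
            data = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # damaged or not really Flate: skip rather than guess
        found.append({"offset": m.start(1), "size": len(data),
                      "sha256": sha256_hex(data), "data": data})
    return found


def link_annotation_uris(pdf: bytes):
    """PDF_URI: /URI (...) literal strings of link actions anywhere in the file.
    Hex-encoded (<...>) URIs and URIs inside object streams are not handled."""
    return re.findall(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", pdf)


def body_text(streams) -> bytes:
    """Join literal strings of Tj/TJ operators from the carved content streams.
    Enough for URL and phrase scanning; not a faithful text extractor."""
    literals = []
    for s in streams:
        literals += re.findall(rb"\(((?:\\.|[^\\)])*)\)", s["data"])
    return b" ".join(literals)


def triage(pdf: bytes) -> dict:
    """Run the three heuristics and return findings keyed by the report's IDs."""
    streams = carve_flate_streams(pdf)
    text = body_text(streams)
    return {
        "PDF_URI": [u.decode("latin-1") for u in link_annotation_uris(pdf)],
        "EMBEDDED_URL": sorted({u.decode("latin-1") for u in URL_RE.findall(text)}),
        "SE_DOWNLOAD_BUTTON": any(p in text.lower() for p in CTA_PHRASES),
        "artifacts": [(hex(s["offset"]), s["size"], s["sha256"]) for s in streams],
    }


if __name__ == "__main__":
    for key, value in triage(build_sample_pdf()).items():
        print(key, value)
```

The split between PDF_URI and EMBEDDED_URL is the point: a URL inside a link annotation is one click away for the reader, while a URL that only appears in the decompressed page text (like the lib-stie.yai.ac.id entries above) has to be copied by hand, so the two channels deserve different weight in triage. Point `triage()` at a real file's bytes to see which channel reached each URL; for production use, replace the regexes with a proper object parser so object streams, hex strings and cross-reference streams are covered.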