PDF static analysis report

Static analysis result for SHA-256 6c5b153863fa4734…

Verdict: SUSPICIOUS
File type: PDF
Size: 34.8 KB
Created: 2021-06-28 02:40:05 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-16
MD5: 6d6fad67cfdd7ce80115843f030fdc93
SHA-1: ba98ffb48ee421d9f23fc959d41b65198a98ea8c
SHA-256: 6c5b153863fa4734bd14697d57bf480f185c3aea9e78a6b544706878ac7c8c30
Risk score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document carries lures themed on 'hacking' and 'free Robux' for the game Roblox and directs readers to external URLs. The ML classifier scored it as malicious with high confidence (0.9980). The only clickable action in the file is the link annotation pointing at netcdn.co; the indo-parabola.com URLs appear as body text only, and all of them sit under /ckfinder/userfiles/files/, the default upload directory of the CKFinder file manager, which is consistent with attacker-uploaded PDFs hosted on a third-party site rather than a purpose-built one. None of the heuristics flags active content in the file itself, so the risk is the social-engineering workflow: the document exists to move the reader to the linked sites and fetch further content. Treat it as a phishing / SEO-lure document and use the listed URLs as the indicators to block or investigate.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics (3)

  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). Low-signal unless other findings point to a malicious workflow.
  • PDF_URI (info): External URI
    PDF contains an external URL action.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://netcdn.co/app/431946152/how-to-hack-someone-on-roblox-2021-game-hack (PDF link annotation)
    • https://indo-parabola.com/ckfinder/userfiles/files/roblox-hacked-version_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/how-to-get-free-robux-no-download-2021_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/free-roblox-hair-to-wear_GM431946152.pdf (in PDF document text)
    • https://indo-parabola.com/ckfinder/userfiles/files/free-roblox-hair-boy_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/orewards-com-free-robux_GM431946152.pdf (in PDF document text)
    • https://indo-parabola.com/ckfinder/userfiles/files/www-free-robux-party_GM431946152.pdf (in PDF document text)
    • https://indo-parabola.com/ckfinder/userfiles/files/cripthe-poodle-hacked-roblox_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/free-robux-2021_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/free-robux-without-verification-2021_GM431946152.pdf (in PDF document text)
    • https://indo-parabola.com/ckfinder/userfiles/files/free-robux-hack-script-vermillion_GM431946152.pdf (in PDF document text)
    • https://indo-parabola.com/ckfinder/userfiles/files/roblox-free-unlimited-robux_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/roblox-free-robux-by-roblox_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/free-spins-on-coin-master_GM406889139.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/mcpe-optifine_GM479516143.pdf (in PDF document text)
    • https://indo-parabola.com/ckfinder/userfiles/files/cute-free-roblox-clothes_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/free-robux-generator-android_GM431946152.pdf (in PDF document text)
    • https://indo-parabola.com/ckfinder/userfiles/files/roblox-premium-free_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/2021202168-roblox-code-hack_GM431946152.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/free-spin-coin-master-2021_GM406889139.pdf (in PDF document text)
    • https://www.indo-parabola.com/ckfinder/userfiles/files/robloxheroxyz-free-robux_GM431946152.pdf (in PDF document text)
    • http://en.wikipedia.org/wiki/MIT_License (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis. Both are embedded TrueType (sfnt) font subsets, which is normal output for wkhtmltopdf and not a finding on its own; they are kept as artifacts so they can be hashed and compared across related samples. Note that the listed size of font_00 (22908 bytes) exceeds the distance to the next stream (0x618F - 0x2E31 = 13150 bytes), so the sizes refer to the decoded font programs while the offsets point at the Flate-compressed streams in the file.

Filename: font_00_sfnt_off00002e31.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x2E31
Size: 22908 bytes
SHA-256: 207c2e0174f8e15cd379abb44297997db6eb33ef6566a119f22c34c23cddaffb

Filename: font_01_sfnt_off0000618f.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x618F
Size: 19480 bytes
SHA-256: d330350eec775ad06d67b8d40934e5f7135b9e92aeab6bb67931f68481ddbd19
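As an added example, not the analyser's code and not taken from the sample, the following Python scanner reproduces the three URL/lure heuristics in the Heuristics section (PDF_URI, EMBEDDED_URL with per-URL channel labels, SE_DOWNLOAD_BUTTON) and the sfnt font carving in the Extracted artifacts table, against a small PDF it builds in memory. The hostnames (reserved .invalid TLD), texts, object numbers and the stub font are assumptions; the regex-based object walk is deliberately minimal (direct /Length, FlateDecode only, one level of dictionary nesting) and is not a substitute for a real PDF parser.

```python
import hashlib
import re
import zlib

# Constructed sample, NOT the analysed file: (1) a /Link annotation whose /URI
# action points at a download page, (2) a Flate-compressed content stream (as
# wkhtmltopdf emits) showing a call-to-action phrase and a second URL as body
# text, (3) a 32-byte stub TrueType (sfnt) font program. No xref table is
# written; the scanner below does not need one.
SAMPLE_FONT = b"\x00\x01\x00\x00" + b"\x00" * 28  # sfnt version tag + zeroed header


def build_sample_pdf() -> bytes:
    body_text = (
        b"BT /F1 12 Tf 72 700 Td (Click here to download) Tj ET\n"
        b"BT /F1 12 Tf 72 680 Td (https://example.invalid/free-robux.pdf) Tj ET\n"
    )
    content = zlib.compress(body_text)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content)
        + content + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (http://example.invalid/app/1/how-to-hack) >> >>",
        b"<< /Length %d /Length1 %d >>\nstream\n" % (len(SAMPLE_FONT), len(SAMPLE_FONT))
        + SAMPLE_FONT + b"\nendstream",
    ]
    pdf = b"%PDF-1.4\n"
    for num, obj in enumerate(objs, 1):
        pdf += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# "N 0 obj << ... >>" with at most one nested dictionary; streams follow the dict.
OBJ_RE = re.compile(rb"(\d+)\s+0\s+obj\s*<<((?:[^<>]|<<[^<>]*>>)*)>>", re.S)
STREAM_RE = re.compile(rb"\s*stream\r?\n")
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
TJ_RE = re.compile(rb"\(([^)]*)\)\s*Tj")   # real text uses TJ arrays/hex strings too
URL_RE = re.compile(rb"https?://[^\s()<>\"']+")
CTA_RE = re.compile(rb"click here to download|download now|free download", re.I)


def iter_objects(pdf: bytes):
    """Yield (obj number, dict bytes, decoded stream or None, stream offset or None)."""
    for m in OBJ_RE.finditer(pdf):
        num, d = int(m.group(1)), m.group(2)
        s = STREAM_RE.match(pdf, m.end())
        length = re.search(rb"/Length\s+(\d+)", d)   # direct /Length only (assumption)
        if s is None or length is None:
            yield num, d, None, None
            continue
        raw = pdf[s.end():s.end() + int(length.group(1))]
        data = zlib.decompress(raw) if b"/FlateDecode" in d else raw
        yield num, d, data, s.end()


def shown_text(data: bytes) -> bytes:
    return b" ".join(TJ_RE.findall(data))


def extract_urls(pdf: bytes) -> dict:
    """Map each URL to the channel(s) reaching it, like the report's per-URL labels."""
    urls = {}
    for _, d, data, _ in iter_objects(pdf):
        if re.search(rb"/Subtype\s*/Link", d) and re.search(rb"/S\s*/URI", d):
            for u in URI_RE.findall(d):           # clickable: fires on click
                urls.setdefault(u.decode("latin-1"), set()).add("PDF link annotation")
        if data:
            for u in URL_RE.findall(shown_text(data)):   # visible text only
                urls.setdefault(u.decode("latin-1"), set()).add("In PDF document text")
    return urls


def call_to_action_phrases(pdf: bytes) -> list:
    """SE_DOWNLOAD_BUTTON: lure phrases found in shown text (lower-cased, sorted)."""
    hits = set()
    for _, _, data, _ in iter_objects(pdf):
        if data:
            hits.update(p.decode("latin-1").lower() for p in CTA_RE.findall(shown_text(data)))
    return sorted(hits)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def carve_fonts(pdf: bytes) -> list:
    """Carve sfnt font programs as (stream offset in file, decoded size, sha256)."""
    return [(off, len(data), sha256_hex(data))
            for _, _, data, off in iter_objects(pdf)
            if data and data[:4] in (b"\x00\x01\x00\x00", b"true", b"OTTO")]


def triage(pdf: bytes) -> dict:
    """Combine the findings the way the report's heuristics do."""
    urls, cta, findings = extract_urls(pdf), call_to_action_phrases(pdf), []
    if any("PDF link annotation" in chans for chans in urls.values()):
        findings.append(("PDF_URI", "info"))
    if urls:
        findings.append(("EMBEDDED_URL", "info"))
    if cta:
        findings.append(("SE_DOWNLOAD_BUTTON", "low"))
    # A lure phrase alone is low-signal; paired with an external URL it describes
    # a click-to-fetch workflow, which is what lifts the verdict.
    verdict = "SUSPICIOUS" if cta and urls else "NO_FINDINGS"
    return {"urls": urls, "cta": cta, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    sample = build_sample_pdf()
    report = triage(sample)
    for url, chans in report["urls"].items():
        print(url, "->", ", ".join(sorted(chans)))
    print(report["findings"], report["verdict"])
    for off, size, digest in carve_fonts(sample):
        print("sfnt font at offset 0x%X, %d bytes decoded, sha256 %s" % (off, size, digest))
```

The channel label is the point of the exercise: a URL in a link annotation fires when the reader clicks, whereas a URL that only appears as body text has to be copied out by hand, so the two are scored differently even though both end up in the URL list. The carving mirrors the artifact table above, recording the offset of the compressed stream but the size and hash of the decoded font program.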