PDF static analysis report

Static analysis result for SHA-256 6e0e6693b9ae71ec…

SUSPICIOUS

PDF

60.7 KB Created: 2021-04-05 18:41:50 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-07
MD5: 8e0010ebe1c82bfe9b65f8252985797d SHA-1: 90fa27ef37c8165d6fe337338cab4da959bc5be1 SHA-256: 6e0e6693b9ae71ec6f2182ee0c84cd0d58579d1c18423d9191841aa7f23a10b0
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple embedded URLs and a visual download button lure, suggesting an attempt to redirect the user to a malicious site for 'Free Robux'. The ML classifier also flagged this PDF as malicious. While no scripts were explicitly extracted, the presence of external URIs and the overall structure indicate a likely phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/free-robux-you-don-t-have-to-do-anything PDF link annotation
    • http://www.les2alpes-location.com/images/free-robux-no-human-verification-or-survey-2021.pdfIn PDF document text
    • https://lita-lb.org/images/roblox-cheat-engine-scripts-2021.pdfIn PDF document text
    • http://oddgraphic.com/images/how-to-get-wings-free-in-roblox.pdfIn PDF document text
    • https://www.cnte.org.br/images/hacking-how-to-fly-in-roblox-at-any-game.pdfIn PDF document text
    • https://kimolos-link.gr/images/dansploit-hack-roblox.pdfIn PDF document text
    • http://seytarehco.com/images/best-roblox-exploits-free-v3rmillion-november-2021.pdfIn PDF document text
    • https://socialvalue.gr/images/robux-in-1min-hacken-german.pdfIn PDF document text
    • http://hindicenter.com/images/hacks-for-tresure-hunt-simulator-roblox.pdfIn PDF document text
    • http://www.prylfabriken.se/images/roblox-working-strucid-aimbot-hack-2021-august-pastebin.pdfIn PDF document text
    • https://www.audipec.com.br/images/easy-robux-free-today.pdfIn PDF document text
    • https://www.seeingindependence.org/images/get-roblox-clothes-for-free.pdfIn PDF document text
    • http://posterprintshop.nl/images/cheats-for-robux-2021.pdfIn PDF document text
    • http://agrao.in/images/free-roblox-gift-codes-2021.pdfIn PDF document text
    • http://almacargo.com/images/features-roblox-robux-hack-apk.pdfIn PDF document text
    • http://www.ntc.edu.za/images/royale-high-school-roblox-cheats.pdfIn PDF document text
    • https://www.stayon.no/images/how-to-get-the-green-dragon-wings-roblox-for-free.pdfIn PDF document text
    • http://www.tamogatoweb.hu/images/roblox-noob-outfit-free.pdfIn PDF document text
    • http://www.hawler.in/images/how-to-become-a-hacker-on-roblox-ipad.pdfIn PDF document text
    • http://cosver.eu/images/how-to-hack-any-tycoon-on-roblox-wiki-how.pdfIn PDF document text
    • http://www.lascalamilanowallcovering.it/images/how-to-hack-on-roblox-in-3-simple-steps.pdfIn PDF document text
    • http://halitbayramoglu.com.tr/images/how-to-get-free-robux-on-roblox-2021-no-hacks.pdfIn PDF document text
    • https://raduzhnyj.od.ua/images/roblox-dayz-hack.pdfIn PDF document text
    • https://newenglandafs.com/images/roblox-inceptor-hack.pdfIn PDF document text
    • http://kfz-ilg.com/images/how-do-you-get-free-robux-in-a-game.pdfIn PDF document text
    • http://aiyta.com/images/how-to-get-free-stuff-roblox-ipad.pdfIn PDF document text
    • https://www.iadh.bi/images/how-to-get-free-knives-in-roblox-assassin.pdfIn PDF document text
    • https://europe-upkl.eu/images/how-do-you-get-free-outrageous-builders-club-on-roblox.pdfIn PDF document text
    • http://www.art-concept.gr/images/roblox-2021-hack-attack.pdfIn PDF document text
    • https://amatq.ca/images/admin-roblox-free-download.pdfIn PDF document text
    • http://kancelaria-legnica.eu/images/ho-to-get-min-on-roblox-for-free.pdfIn PDF document text
    • http://www.mikramarine.gr/images/roblox-robux-money-cheat.pdfIn PDF document text
    • http://www.mosaikshop.at/images/free-admin-commands-roblox.pdfIn PDF document text
    • https://semanasantacehegin.com/images/how-to-install-hacks-to-roblox.pdfIn PDF document text
    • http://icomsolutions.com.au/images/roblox-speed-hack-may-2021.pdfIn PDF document text
    • http://echosvoix.ch/images/get-free-get-rekt-roblox-shirt.pdfIn PDF document text
    • http://almacargo.com/images/how-to-get-free-stuff-in-roblox-on-ipad.pdfIn PDF document text
    • http://bkd1.balikpapan.go.id/images/how-to-hack-into-anyones-roblox-2021.pdfIn PDF document text
    • http://ernstgloves.co.il/images/how-to-get-the-free-popkon-hat-in-roblox.pdfIn PDF document text
    • http://dos.most.gov.la/images/free-robux-2021-yt.pdfIn PDF document text
    • http://stroygrad-spb.com/images/final-stand-2-cheats-roblox.pdfIn PDF document text
    • http://iluvlocalplaces.com/images/install-roblox-free-latest-version.pdfIn PDF document text
    • https://www.cnte.org.br/images/free-shirt-roblox-avatar.pdfIn PDF document text
    • https://rincondelentrenador.com/images/roblox-774-hack.pdfIn PDF document text
    • http://ivalor.fr/images/pagina-free-robux.pdfIn PDF document text
    • https://wandersuechtig.de/images/use-the-rarest-item-on-roblox-for-free.pdfIn PDF document text
    • http://www.brtes.com/images/free-robux-hack-generator-club-2021.pdfIn PDF document text
    • http://www.rezbb.sk/images/cheats-for-dungeon-quest-roblox.pdfIn PDF document text
    • https://pemadamapi.net/images/roblox-exploit-download-2021-free.pdfIn PDF document text
    • http://escolaarboc.cat/images/free-robux-no-verification-2021-ios.pdfIn PDF document text
    +14 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off0000831e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x831E 24896 bytes
SHA-256: 29f21f3947ea798733f1e8ae8c7c5c7bc55e20943d8d46f6854aa2ee392e0636
font_01_sfnt_off0000bc47.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBC47 3364 bytes
SHA-256: 89df7fc185968942a825e6a661318db9907d93066376f37106431d788f149efc
font_02_sfnt_off0000c7d7.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC7D7 18940 bytes
SHA-256: 775166525d0cfde3eaade8fbbdd9c868179d443568a7e7172ce5a65e8d0839c2