PDF static analysis report

Static analysis result for SHA-256 7587d74cc1ee739b…

SUSPICIOUS

PDF

56.8 KB Created: 2021-04-05 19:08:35 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-01
MD5: 160e73a0fdd665448d2ef5338db4e41b SHA-1: 0a261dd51ba4a5526b17aba2c37cfdf325fe4b2c SHA-256: 7587d74cc1ee739ba08a89384db9d026081a5abdcd58f0efefbe5e3e95a17e0a
36 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 User Execution: Malicious Link

This PDF document was flagged as suspicious by an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9588

Heuristics 3

  • External URI info PDF_URI
    PDF contains an external URL action
  • PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/hack-roblox-one-piece-open-seas-pre-alpha-read-desc PDF link annotation
    • http://www.prylfabriken.se/images/how-do-you-get-bloxburg-on-roblox-for-free.pdfIn PDF document text
    • https://www.cfdcnv.com/images/free-robux-2021.pdfIn PDF document text
    • https://consorziocsa-asicaivano.it/images/booga-booga-roblox-cheat-codes.pdfIn PDF document text
    • http://nikabio.com/images/v3rmillion-hacks-roblox.pdfIn PDF document text
    • http://ivanflores.cl/images/hacked-pokemon-games-roblox.pdfIn PDF document text
    • https://sectorpravdy.com/images/xydia-roblox-hack.pdfIn PDF document text
    • https://sitam.co.in/images/how-to-hack-an-account-in-roblox.pdfIn PDF document text
    • https://www.manisoft.ir/images/robux-hack-2021-on-phone.pdfIn PDF document text
    • http://msfs-eastafrica.com/images/hiw-to-get-free-robux-on-roblox-2021-bfast.pdfIn PDF document text
    • https://www.dachytarasowe.eu/images/download-portable-hacks-roblox.pdfIn PDF document text
    • http://smart-pro.co.uk/images/free-roblox-resources.pdfIn PDF document text
    • http://force-seniorklub.dk/images/hack-roblox-robux-real-working.pdfIn PDF document text
    • http://svp-steinmaur.ch/images/free-robux-apk-pc.pdfIn PDF document text
    • http://genialica.de/images/roblox-trade-hack.pdfIn PDF document text
    • https://www.stayon.no/images/hacking-someones-account-roblox.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/promo-code-roblox-free.pdfIn PDF document text
    • https://tokunfome.com.br/images/roblox-free-dress.pdfIn PDF document text
    • http://www.malonmalon.com.ar/images/i-got-hacked-on-roblox-what-should-i-do.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/how-to-get-robux-for-free-without-doing-anything.pdfIn PDF document text
    • http://www.copoint.co.uk/images/how-to-use-roblox-hacks.pdfIn PDF document text
    • http://www.inservis.cl/images/how-to-get-free-items-on-roblox-on-phone.pdfIn PDF document text
    • http://palogar.es/images/free-robux-website-safe.pdfIn PDF document text
    • http://teknotools.net/images/free-robux-by-watching-videos-and-no-surveys-or-downloads.pdfIn PDF document text
    • http://seytarehco.com/images/you-promised-my-son-you-would-give-him-free-robux.pdfIn PDF document text
    • https://www.wijhalenhetop.nl/images/roblox-free-card-codes-2021.pdfIn PDF document text
    • http://learningarabic.co.uk/images/roblox-fortnite-hacks.pdfIn PDF document text
    • http://verenacrow.at/images/el-pacmero-hack-roblox-robux-pastebin.pdfIn PDF document text
    • http://steklofara.com.ua/images/hacked-face-roblox-id.pdfIn PDF document text
    • http://www.lycee-langevin-wallon.com/images/files-blue-roblox-hack-download.pdfIn PDF document text
    • http://eltisstudio.sk/images/how-to-speed-hack-roblox-with-cheat-engine-64.pdfIn PDF document text
    • http://jijel.info/images/how-to-get-free-clothes-on-roblox-2021.pdfIn PDF document text
    • http://shiny-nn.ru/images/free-robux-pastebin-no-wait-2021-may.pdfIn PDF document text
    • http://kruiz21.ru/images/how-to-get-free-stuff-on-roblox-catalog.pdfIn PDF document text
    • http://piadaandco.it/images/how-to-ranks-up-in-a-roblox-group-hack.pdfIn PDF document text
    • http://technologicalsc.com/images/free-robux-generator-no-human-survey.pdfIn PDF document text
    • http://fratellimazzoleni.it/images/roblox-cheat-engine-download-2021.pdfIn PDF document text
    • https://pagadder.com/images/free-youngboy-roblox-id.pdfIn PDF document text
    • http://www.elis-strechy.cz/images/im-hacking-on-roblox.pdfIn PDF document text
    • http://kfz-service-etp.de/images/absolutely-free-robux.pdfIn PDF document text
    • http://ernstgloves.co.il/images/free-codes-assassin-roblox.pdfIn PDF document text
    • http://cmfd.nl/images/generator-hack-roblox.pdfIn PDF document text
    • http://www.inservis.cl/images/roblox-hack-2021-download.pdfIn PDF document text
    • http://piadaandco.it/images/roblox-working-hack-dll-for-ccc.pdfIn PDF document text
    • https://www.cpnf.ch/images/roblox-tablet-hacks.pdfIn PDF document text
    • http://sealysports.com/images/hack-de-roblox-bee-simulator.pdfIn PDF document text
    • http://santjoandelesabadesses.cat/images/bhop-hack-roblox.pdfIn PDF document text
    • http://sealysports.com/images/how-to-get-free-robux-on-roblox-simple.pdfIn PDF document text
    • http://www.sanjosedeminas.gob.ec/images/free-roblox-explot.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/cheat-engine-no-longer-works-on-roblox.pdfIn PDF document text
    +2 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008386.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8386 26020 bytes
SHA-256: 6cc51ea99ce048e4e268543b8ce6ad4ec395e793603a39406aa8cd3f67286acf
font_01_sfnt_off0000beb1.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBEB1 18900 bytes
SHA-256: 8b7b0333afc499a94462e482135971df3b29448f4dafda1b90b611f7fce6753a