PDF static analysis report

Static analysis result for SHA-256 76118826929d33ed…

SUSPICIOUS

PDF

Size: 61.0 KB
Created: 2021-04-05 23:21:58 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-29
MD5: 592292068799305c3a2df14d1b650adf
SHA-1: 00d9d60b22067022b05641c2909ca0fa125f89b6
SHA-256: 76118826929d33ed9c285508766525c4e7425b073b35afdabc503a888ecc9b30
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure [low] [SE_DOWNLOAD_BUTTON]
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/hacking-peoples-account-on-roblox (PDF link annotation)

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_003_off0000818a.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x818A | 27536 bytes
  SHA-256: d3b5f38cc726cc011f5cda33c47e0f928900d4ac05e9fc23b63bd80721e5e31b
font_01_sfnt_off0000bf95.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBF95 | 2832 bytes
  SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2
font_02_sfnt_off0000c946.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC946 | 18732 bytes
  SHA-256: f38e280bd8e9e376ef74c5e003a68bc0b1f0ba98907b4a4d6ca98ff5921538d9