PDF static analysis report

Static analysis result for SHA-256 7dac90d1f0171040…

SUSPICIOUS

PDF

Size: 56.6 KB
Created: 2021-04-05 21:48:20 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-29
MD5: edeba702f82a6a7b5e80c5f3cea28a60
SHA-1: adc50743cd63bc1f72f50d6f9e4bdf473cd42630
SHA-256: 7dac90d1f017104064588c10045b402abbb150ef383f04c052d6daebb4e98d0a
Risk Score: 50

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. It uses an urgency-based lure. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 4

  • Urgency / deadline lure [low] SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/free-roblox-accounts-2021-pastebin PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_003_off00007fa3.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x7FA3 | 24864 bytes
    SHA-256: 9c0a0d09a19fd7ab200e297dfe82fc8f460151745f60b8839f01eda26c6a3b4b
font_01_sfnt_off0000b836.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB836 | 18820 bytes
    SHA-256: 3ac1a6e0f41dd467b97cd140a2901298e76c852f62dc3f3cad455717fedd06b9