PDF static analysis report

Static analysis result for SHA-256 7fca5c36312b5977…

SUSPICIOUS

PDF

34.9 KB
Created: 2021-06-28 21:39:03 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 7fe71eac042d2c8435e469b85f46cd60
SHA-1: 690fbc60e1d2467054bdc7adb1ada238ae4526b3
SHA-256: 7fca5c36312b5977fb87c6eeb13e28b502f6359d0e92a8d6a2cef507a6f395de
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document contains a prominent external URI pointing to a site offering "Roblox Hack To Get Free Robux". The ML classifier strongly flagged this PDF as malicious. The presence of numerous related URLs in the document body and extracted URLs suggests a social engineering lure to trick users into downloading potentially malicious content or visiting phishing sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://netcdn.co/app/431946152/roblox-hack-to-get-free-robux-youtube-voltexx-game-hack PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00003199.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3199 | 22124 bytes
  SHA-256: 47b71b52fd68d40216c8fe0e08eb93375a6833ee202a6180799fd19c10190a36
font_01_sfnt_off00006261.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6261 | 19360 bytes
  SHA-256: e0deee6ae4f13d8627e4d5b42b270a52ec332d0b1b20d45b121d2700cf45f4b0