PDF static analysis report

Static analysis result for SHA-256 86e73c3f5dd319c0…

SUSPICIOUS

PDF

59.8 KB Created: 2021-04-05 19:35:56 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: 0fab31afea1637ff2f37510a969969b3 SHA-1: d5621f820420d2e0529657704e4679650da02fca SHA-256: 86e73c3f5dd319c046672c3a3802d2d41eb11347c42dd08d740f4ad232995059
50 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple embedded URLs and heuristic firings indicating a lure for free Robux, a popular in-game currency. The ML classifier also flagged the PDF as malicious. The presence of urgency and download button lures further supports a phishing or malware distribution attempt. No scripts were extracted, but the embedded URLs are the primary indicators of malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 4

  • Urgency / deadline lure low SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/robux-robux-free-roblox PDF link annotation
    • http://www.hawler.in/images/a-free-roblox-card.pdfIn PDF document text
    • http://lanoblaie.fr/images/instal-cheat-roblox-adopt-me.pdfIn PDF document text
    • https://bancroftandsons.com/images/roblox-hacked-codes.pdfIn PDF document text
    • http://famoirs.co.uk/images/free-robux-with-no-downloading-apps.pdfIn PDF document text
    • http://acp-institut.fr/images/free-robux-with-no-downloads.pdfIn PDF document text
    • http://www.prylfabriken.se/images/gravity-switch-hack-roblox-2021.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/avatar-in-roblox-free.pdfIn PDF document text
    • https://www.foodsafety.cz/images/free-op-roblox-accounts.pdfIn PDF document text
    • http://www.oberberger.it/images/how-to-make-robux-free-no-hack.pdfIn PDF document text
    • http://interpretation-dessins-enfants.net/images/roblox-shuts-down-with-cheat-engine.pdfIn PDF document text
    • http://nevesomost.by/images/noob-vs-pro-vs-hacker-roblox-bee-swarm-simulator.pdfIn PDF document text
    • http://www.centromedicoaurora.it/images/how-to-hack-into-ppls-account-on-roblox.pdfIn PDF document text
    • https://www.u-pin-it.com/images/roblox-dress-free-shipping.pdfIn PDF document text
    • http://fiur-malermeister.de/images/google-only-avatar-free-roblox.pdfIn PDF document text
    • http://eddieblum.nl/images/free-roblox-hats-2021.pdfIn PDF document text
    • http://www.vktzunami.cz/images/como-descargar-local-player-hacks-roblox.pdfIn PDF document text
    • https://bgescc.com/images/can-you-really-get-free-robux.pdfIn PDF document text
    • http://santeh-40.ru/images/how-to-hack-roblox-apocalypse-rising-2021.pdfIn PDF document text
    • http://brandyourbody.com/images/how-to-get-a-robux-for-free-2021.pdfIn PDF document text
    • https://www.brainpads.com/images/roblox-digimon-aurity-hack-fast-fire.pdfIn PDF document text
    • http://domaizdereva24.ru/images/free-robux-promo-codes-list.pdfIn PDF document text
    • http://www.drent.se/images/how-to-hack-audio-in-roblox.pdfIn PDF document text
    • http://tegeler-segler.de/images/roblox-jailbreak-play-for-free.pdfIn PDF document text
    • http://kids-academy.pl/images/how-do-you-become-a-hacker-on-roblox.pdfIn PDF document text
    • http://www.copoint.co.uk/images/roblox-car-speed-hack-script.pdfIn PDF document text
    • http://engelum.com/images/hack-vampire-hunters-2-roblox-fly.pdfIn PDF document text
    • http://modlingua.com/images/one-piece-millenium-roblox-stats-hack.pdfIn PDF document text
    • http://moto98.com/images/roblox-free-robux-download.pdfIn PDF document text
    • https://schulzpressetext.de/images/how-to-make-cheats-for-roblox-in-visual-studio.pdfIn PDF document text
    • https://masseymotorcars.com/images/robux-hack-no-survey-no-human-verification-2021.pdfIn PDF document text
    • http://per-bittner.de/images/how-to-get-dominus-items-for-free-roblox.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/flob-fun-roblox-hacker-generator.pdfIn PDF document text
    • http://sfsbm.org/images/robux-free-codees-legit.pdfIn PDF document text
    • http://schottlandfieber.de/images/blonde-girl-hair-free-roblox.pdfIn PDF document text
    • http://www.torvet11.dk/images/how-to-get-free-robux-working-2021.pdfIn PDF document text
    • http://www.sanjosedeminas.gob.ec/images/any-free-roblox-exploits-2021.pdfIn PDF document text
    • http://energotestcontrol.ru/images/cheat-engine-roblox-bee-swarm-simulator.pdfIn PDF document text
    • https://www.stadtbesichtigungen.de/images/free-robux-please.pdfIn PDF document text
    • http://legs11.co.za/images/cheat-roblox-uno.pdfIn PDF document text
    • http://businessfit.com/images/hack-weight-lifting-simulator-2-roblox.pdfIn PDF document text
    • https://www.fenews.co.uk/images/buy-free-robux-card.pdfIn PDF document text
    • http://sb2m.com.br/images/roblox-dragon-fury-hack.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/roblox-xbox-360-free-download.pdfIn PDF document text
    • https://www.only-press.ru/images/how-to-fly-hack-in-roblox-jailbreak.pdfIn PDF document text
    • https://socialvalue.gr/images/hack-robux.pdfIn PDF document text
    • http://energotestcontrol.ru/images/free-robux-no-details-needed.pdfIn PDF document text
    • https://www.poiskavia.ru/images/roblox-hack-como-tener-robux-gratis.pdfIn PDF document text
    • http://www.bernerpupping.at/images/roblub-for-free-on-roblox-100-working-2021.pdfIn PDF document text
    • https://www.saisystem.it/images/how-to-get-free-admin-on-roblox-ios.pdfIn PDF document text
    +15 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008327.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8327 26808 bytes
SHA-256: b67180a6418c7fa95d2e26ad8a71b8cd23dc200c1b8d232f1c4b5ac75c50915d
font_01_sfnt_off0000bf76.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBF76 2832 bytes
SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2
font_02_sfnt_off0000c926.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC926 17320 bytes
SHA-256: c72c4d349d8ac6d87878711678c62eb7725b2dc81e9ba7ae45d9deedae009c09