PDF static analysis report

Static analysis result for SHA-256 897aad47a2267b39…

SUSPICIOUS

PDF

45.9 KB Created: 2021-04-02 20:03:54 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-18
MD5: 54d6effb1776931e2f813a8895b9e9a3 SHA-1: 6b5bcb5b14aaf9742a4782a2eac075a23f035104 SHA-256: 897aad47a2267b393d06ac7081e9cb7b96e390cc21693545562ec643775f659a
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9434

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/best-free-survival-games-on-roblox PDF link annotation
    • https://accord.kiev.ua/images/g-eazy-freid-rice-roblox-id.pdfIn PDF document text
    • http://www.vktzunami.cz/images/free-steam-codes-no-survey-robux.pdfIn PDF document text
    • https://www.abrapppe.org.br/images/roblox-cheat-with-fake-paypal-checkout.pdfIn PDF document text
    • http://www.tamogatoweb.hu/images/how-to-hack-to-get-robux-on-roblox.pdfIn PDF document text
    • https://www.lavigny.ch/images/get-free-robux-on-roblox-2021-november.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/how-to-hack-someones-roblox-account-2021.pdfIn PDF document text
    • http://www.vktzunami.cz/images/hacks-para-db-rage-roblox.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/how-to-get-money-for-free-on-roblox.pdfIn PDF document text
    • https://www.cnte.org.br/images/roblox-codes-cheats.pdfIn PDF document text
    • https://www.seeingindependence.org/images/how-to-hack-roblox-accounts-2021.pdfIn PDF document text
    • https://www.abrapppe.org.br/images/hack-de-dinero-para-jailbreak-roblox-noviembre.pdfIn PDF document text
    • http://pa-tanjungselor.go.id/images/roblox-hack-de-robux-version-2335202112.pdfIn PDF document text
    • http://portal.crfsp.org.br/images/roblox-dinosaur-simulator-hack-2021.pdfIn PDF document text
    • https://verdensbarn.no/images/how-do-you-hack-roblox-to-have-sex.pdfIn PDF document text
    • http://bkd1.balikpapan.go.id/images/how-to-get-free-robux-without-paying-any-money.pdfIn PDF document text
    • https://www.lomrad.go.th/images/roblox-cheat-exploit-juillet-2021-for-car-crusher-2-free.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/free-roblox-com-passwords.pdfIn PDF document text
    • https://www.u-pin-it.com/images/how-to-customize-roblox-avatar-for-free.pdfIn PDF document text
    • http://www.ntc.edu.za/images/how-to-hack-in-any-game-on-roblox.pdfIn PDF document text
    • http://www.anies.eu/images/roblox-free-items-list.pdfIn PDF document text
    • http://ns1.radiofacil.net/images/hack-atravesar-paredes-en-roblox.pdfIn PDF document text
    • http://www.lovecraftiana.com.ar/images/free-robux-hack-generator-no-verification.pdfIn PDF document text
    • http://cosver.eu/images/roblox-scripts-free.pdfIn PDF document text
    • http://hemmet-strand.dk/images/free-robux-fake-name.pdfIn PDF document text
    • http://www.torvet11.dk/images/como-hackear-una-cuenta-de-roblox.pdfIn PDF document text
    • http://salantiskis.lt/images/roblox-money-hack-apk.pdfIn PDF document text
    • https://www.hotschool.com.au/images/get-a-roblox-account-wiyh-robux-free.pdfIn PDF document text
    • http://www.occquimica.com.br/images/roblox-recover-hacked-account-no-email.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/free-pdf-colouring-page-of-roblox-characters.pdfIn PDF document text
    • http://kruiz21.ru/images/how-to-get-free-builders-club-on-roblox-mobile.pdfIn PDF document text
    • https://corbo.ru/images/how-to-get-free-roblox-gear-2021.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/how-to-get-free-robux-on-roblox-on-ipad-2021.pdfIn PDF document text
    • http://www.eaapiaria.es/images/roblox-how-to-get-any-gamepass-for-free-2021.pdfIn PDF document text
    • http://sscclc.edu.ec/images/roblox-adopt-me-how-to-get-free-bucks.pdfIn PDF document text
    • http://www.sapaengineering.kz/images/robux-club-free.pdfIn PDF document text
    • http://www.anies.eu/images/hack-account-roblox-with-link.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/how-to-get-free-robux-in-roblox-2021-easy.pdfIn PDF document text
    • http://www.boic.nl/images/hacks-para-roblox-2021-banear-robux-infinitos.pdfIn PDF document text
    • https://estalagemmonteverde.com.br/images/games-that-have-free-robux.pdfIn PDF document text
    • https://www.cpnf.ch/images/roblox-script-executor-free-download-2021.pdfIn PDF document text
    • http://agrao.in/images/prison-breaker-roblox-hacks.pdfIn PDF document text
    • https://www.abrapppe.org.br/images/roblox-lost-hacks.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/roblox-how-to-sign-up-on-cheat-buddys-website.pdfIn PDF document text
    • http://www.eurosan1.ba/images/roblox-northern-frontier-how-to-hack-pounds.pdfIn PDF document text
    • https://technospektr.com.ua/images/cheats-in-wolves-life-3-roblox.pdfIn PDF document text
    • https://www.utalii.ac.ke/images/roblox-parkour-hack-2021.pdfIn PDF document text
    • http://www.lycee-langevin-wallon.com/images/how-to-get-free-robux-no-survey-2021.pdfIn PDF document text
    • https://www.ghknights.org/images/sistem48-hack-roblox.pdfIn PDF document text
    • http://www.fluidtech.hu/images/how-to-hack-a-roblox-account-with-hashes.pdfIn PDF document text
    +2 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00005a0b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x5A0B 23128 bytes
SHA-256: 24e814931d10de5dbbd66ce35c6c95b45ace43c0fe2d7c2ddf037475cb0119b6
font_01_sfnt_off00008e49.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8E49 18500 bytes
SHA-256: bd4a861ecabc992ad319103a6c104fda96bcf9f6b239418a9c31dcc493b4c6fc