PDF static analysis report

Static analysis result for SHA-256 91db844206928936…

SUSPICIOUS

PDF

Size: 56.6 KB
Created: 2021-04-06 01:01:55 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-29
MD5: 91edeb4f5aa40354c33b37381e623340
SHA-1: 03025d86cda9b15185258b5dc39de29b6351ce20
SHA-256: 91db8442069289360fb8ba871c46cca851088b8666e4c8b9f783c18256304aa8
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics (3)

  • Visual download / call-to-action button lure (severity: low) SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (severity: info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (severity: info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs (channel in parentheses):
    • http://gaminggenerator.org/app/431946152/how-to-get-free-robux-in-notepad (PDF link annotation)
    • http://vagency.us/images/roblox-meep-city-free-games.pdf (in PDF document text)
    • http://www.centromedicoaurora.it/images/how-to-hack-prison-life-roblox-2021-free.pdf (in PDF document text)
    • http://www.kalaaliaraq.dk/images/roblox-site-free-robux.pdf (in PDF document text)
    • http://biccairo.com/images/roblox-change-team-hack.pdf (in PDF document text)
    • http://erntefest2016.de/images/free-stuff-but-you-have-to-enter-a-code-roblox.pdf (in PDF document text)
    • https://lobergetart.se/images/roblox-piano-hack-download.pdf (in PDF document text)
    • http://osteonad.com/images/roblox-phantom-forces-hack-mod-menu.pdf (in PDF document text)
    • http://uctovnictvosnv.sk/images/how-to-bypass-cheat-engine-on-roblox-2021.pdf (in PDF document text)
    • http://ernstgloves.co.il/images/roblox-guns-r15-script-hack.pdf (in PDF document text)
    • https://luminouswisdom.org/images/how-to-get-roblox-hats-for-free.pdf (in PDF document text)
    • http://bagna.pl/images/free-robux-hack-2021-working.pdf (in PDF document text)
    • https://amatq.ca/images/hack-script-copy-and-paste-roblox.pdf (in PDF document text)
    • http://www.controverseinterapie.it/images/free-robux-no-human-verification-no-survey-or-download.pdf (in PDF document text)
    • https://www.ghknights.org/images/roblox-free-teleporter.pdf (in PDF document text)
    • http://jenne-technik.de/images/onnet-roblox-hack.pdf (in PDF document text)
    • http://oddgraphic.com/images/how-do-you-get-free-robux-on-kindle-fire.pdf (in PDF document text)
    • http://kundentest.de/images/free-robux-and-tix-for-roblox.pdf (in PDF document text)
    • http://egorplitka.ru/images/free-roblox-toy-codes-november-2021.pdf (in PDF document text)
    • http://dermaceutic.co.uk/images/robux-hack-2021.pdf (in PDF document text)
    • https://open-coffee-drimmelen-geertruidenberg.nl/images/can-you-change-your-roblox-name-for-free.pdf (in PDF document text)
    • https://www.romedia.gr/images/free-robux-generator-no-survey-2021.pdf (in PDF document text)
    • http://lewishome.net/images/free-robux-reedem-code.pdf (in PDF document text)
    • http://grugliascogiovani.org/images/robux-hack-apk-2021.pdf (in PDF document text)
    • https://www.romedia.gr/images/free-robux-codes-2021-october.pdf (in PDF document text)
    • http://aeroclub-kaernten.at/images/get-roblox-hacks.pdf (in PDF document text)
    • http://clubpure.org/images/roblox-free-robux-no-verification.pdf (in PDF document text)
    • http://fsgtoday.com/images/free-robux-hack-forum-by-envix.pdf (in PDF document text)
    • http://www.htc.edu.au/images/give-free-account-roblox-13-jun-2021.pdf (in PDF document text)
    • http://news123.it/images/tips-and-hints-to-get-robux-for-free-hack.pdf (in PDF document text)
    • https://lobergetart.se/images/free-shovocado-roblox.pdf (in PDF document text)
    • http://sdsdar.org/images/roblox-scripts-download-for-free.pdf (in PDF document text)
    • http://laboraltoledo.com/images/hack-para-roblox-jailbreak.pdf (in PDF document text)
    • http://jackson-pr.com/images/how-to-cheat-on-eviction-notice-roblox.pdf (in PDF document text)
    • http://www.jureclomas.com.ar/images/roblox-robux-free-no-hack.pdf (in PDF document text)
    • http://galletta.com/images/hack-ants-roblox-acount.pdf (in PDF document text)
    • http://gamixpaliwa.pl/images/roblox-music-id-young-wild-and-free.pdf (in PDF document text)
    • https://www.hofe-gmbh.de/images/free-robux-400-code.pdf (in PDF document text)
    • http://dmoraitis.gr/images/clothes-in-roblox-free.pdf (in PDF document text)
    • https://consorziocsa-asicaivano.it/images/how-to-get-free-robux-legit-2021.pdf (in PDF document text)
    • https://www.wildpark-johannismuehle.de/images/roblox-all-gamepasses-free-script.pdf (in PDF document text)
    • http://www.nielsen2u.dk/images/hack-robux-no-inspect.pdf (in PDF document text)
    • http://www.isovca.com/images/hacks-para-roblox-descargar-gratis.pdf (in PDF document text)
    • http://poltekkeskhjogja.ac.id/images/hack-the-robux-2021.pdf (in PDF document text)
    • http://petarda.hu/images/how-to-hack-lucky-blocks-roblox.pdf (in PDF document text)
    • https://www.wildpark-johannismuehle.de/images/roblox-pistol-script-hack.pdf (in PDF document text)
    • http://kruiz21.ru/images/free-roblox-vip-sign-ups.pdf (in PDF document text)
    • http://peche-madagascar.com/images/life-in-paradise-roblox-hacks.pdf (in PDF document text)
    • http://www.boutique-nature.fr/images/free-robux-generator-without-doing-anything.pdf (in PDF document text)
    • http://adues.org/images/roblox-cheat-god-mode.pdf (in PDF document text)
    +12 more URL(s)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: stream_003_off00007f17.bin
  Kind: decompressed-pdf-stream
  Source: PDF FlateDecoded stream at offset 0x7F17
  Size: 25896 bytes
  SHA-256: 0c8d1e42263342b79c2ea9372bca1f4033e78f441f30fc5f453ca3bf6ea3f26f

Filename: font_01_sfnt_off0000b9f6.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xB9F6
  Size: 18256 bytes
  SHA-256: d06259492fa679c6a1e7bfdccaa613706a5bf5ca98920553a0ef42991c9ee9e5