PDF static analysis report

Static analysis result for SHA-256 93204a846b7ad132…

SUSPICIOUS

PDF

45.3 KB Created: 2021-04-03 05:50:12 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-18
MD5: 3148c09679b11d0ee19366e237eb8c06 SHA-1: befb6d95bb37bad56d39a1895d4b5eee748eb4ee SHA-256: 93204a846b7ad132b076f3ebfe6b648dfadf8868a39d8d471d64985c17d7d44a
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9434

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/john-doe-roblox-hacker-march-18 PDF link annotation
    • http://energotestcontrol.ru/images/roblox-mac-cheat-engine.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/robux-cheat-2021.pdfIn PDF document text
    • https://www.wildpark-johannismuehle.de/images/free-free-free-free-robux.pdfIn PDF document text
    • https://www.saisystem.it/images/hack-engines-for-roblox-swordburst-2.pdfIn PDF document text
    • https://www.stkdb.cz/images/free-character-in-roblox-2021.pdfIn PDF document text
    • https://www.abrapppe.org.br/images/roblox-promocode-hack.pdfIn PDF document text
    • http://kids-academy.pl/images/roblox-hack-2021-working.pdfIn PDF document text
    • https://www.ghknights.org/images/free-outfit-from-roblox.pdfIn PDF document text
    • https://www.hbproducts.dk/images/how-to-get-any-item-on-roblox-for-free-2021.pdfIn PDF document text
    • http://nevesomost.by/images/how-can-i-get-free-robux-without-paying.pdfIn PDF document text
    • http://www.remiauclair.fr/images/free-items-in-roblox-games.pdfIn PDF document text
    • https://kimolos-link.gr/images/hack-roblox-2021-roblux.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/roblox-treasure-wuest-how-to-get-effects-for-free.pdfIn PDF document text
    • http://www.sanjosedeminas.gob.ec/images/how-to-hack-into-roblox-account-roblox.pdfIn PDF document text
    • http://escolaarboc.cat/images/how-to-draw-roblox-hacker.pdfIn PDF document text
    • http://www.remiauclair.fr/images/hack-roblox-apocalypse-rising-2021.pdfIn PDF document text
    • http://www.maakherumusic.net/images/gamnes-that-give-free-robux-without-pass.pdfIn PDF document text
    • http://bkd1.balikpapan.go.id/images/roblox-super-speed-hack.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/roblox-promocodes-for-free-robux.pdfIn PDF document text
    • http://www.mikramarine.gr/images/how-to-get-speed-hacks-in-roblox-jailbreak.pdfIn PDF document text
    • https://pa-waingapu.go.id/images/how-to-hack-mad-city-roblox.pdfIn PDF document text
    • http://www.sapaengineering.kz/images/how-to-hack-account-in-roblox-2021.pdfIn PDF document text
    • http://zarinnameh.ir/images/free-robux-generator-no-human-verification-or-offers.pdfIn PDF document text
    • https://www.saisystem.it/images/mobihack-net-roblox-hack-2021.pdfIn PDF document text
    • http://zarinnameh.ir/images/robux-promo-codes-free.pdfIn PDF document text
    • http://zarinnameh.ir/images/hack-files-for-roblox.pdfIn PDF document text
    • http://nevesomost.by/images/how-to-get-free-robux-inspect.pdfIn PDF document text
    • https://accord.kiev.ua/images/earn-free-robux-generator.pdfIn PDF document text
    • http://poltekkeskhjogja.ac.id/images/how-to-get-free-robux-without-builders-club-2021.pdfIn PDF document text
    • https://www.abrapppe.org.br/images/comment-hack-sur-roblox-admin.pdfIn PDF document text
    • http://www.copoint.co.uk/images/roblox-dinosaur-simulator-cheats-dna.pdfIn PDF document text
    • https://www.utalii.ac.ke/images/como-tener-robux-gratis-sin-hacks-ni-servicios.pdfIn PDF document text
    • https://meltonschool.org/images/free-10-codes-for-roblox-no-human-verfication.pdfIn PDF document text
    • https://tokunfome.com.br/images/pc-roblox-hack.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/how-to-get-free-outrageous-builders-club-on-roblox-2021.pdfIn PDF document text
    • http://www.gadanie.lv/images/roblox-hack-client-2021-february.pdfIn PDF document text
    • https://www.millatgears.com/images/lockview-hack-roblox.pdfIn PDF document text
    • https://www.beaufortcollege.ie/images/fill-in-form-for-free-robux.pdfIn PDF document text
    • http://nevesomost.by/images/free-robux-just-join-group.pdfIn PDF document text
    • https://www.utalii.ac.ke/images/roblox-lego-hack-2021.pdfIn PDF document text
    • http://www.torvet11.dk/images/how-to-hack-a-roblox-account-password-2021.pdfIn PDF document text
    • http://www.maakherumusic.net/images/roblox-cheat-engine-61-money-hack.pdfIn PDF document text
    • http://energotestcontrol.ru/images/dragon-ball-rage-roblox-hack-script.pdfIn PDF document text
    • http://www.fanciullovito.it/images/cheat-engine-hack-roblox-speed.pdfIn PDF document text
    • https://fkg.usu.ac.id/images/free-robux-2021-december.pdfIn PDF document text
    • http://www.brtes.com/images/wearedevs-roblox-hack.pdfIn PDF document text
    • https://corbo.ru/images/ban-hack-roblox.pdfIn PDF document text
    • https://www.milewood.co.uk/images/stella-roblox-hack-download.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/how-to-get-unlimited-free-robux-on-roblox-2021.pdfIn PDF document text
    +2 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00005742.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x5742 23156 bytes
SHA-256: 1c0171dafd6cbb7b0513b96e0c56b999af8e196dd829af7de1856cbd0739b1bd
font_01_sfnt_off00008b60.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8B60 18728 bytes
SHA-256: 7f74c109c0db7c2e79d46231c362954e4db518f5dc0bda89712d33bc6a94e796