PDF static analysis report

Static analysis result for SHA-256 95a5040d53e75e92…

SUSPICIOUS

PDF

60.0 KB Created: 2021-04-05 20:36:10 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-02
MD5: f28331a417c481f59f940b4f3c0f0cf5 SHA-1: 345e94057dcc63e0d806f6fa5673835b4177f293 SHA-256: 95a5040d53e75e929628ebe9ed33b309070fe7d9de5452948d1ada68c7748fe2
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/roblox-witch-hat-free PDF link annotation
    • http://fmbompastor.com.br/images/free-roblox-accounts-with-robux-2021.pdfIn PDF document text
    • http://dottgagliardi.com/images/roblox-admin-system-hack.pdfIn PDF document text
    • http://www.ntc.edu.za/images/jailbreak-roblox-hack-2021.pdfIn PDF document text
    • http://kids-academy.pl/images/how-to-get-free-faces-on-roblox-mobile.pdfIn PDF document text
    • http://racunari.in.rs/images/how-to-hack-roblox-accounts-with-bruteforce.pdfIn PDF document text
    • https://www.dachytarasowe.eu/images/hack-para-roblox-jailbreak-coat-y-muchos-mas.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/how-to-hack-roblox-with-artmoney.pdfIn PDF document text
    • https://www.laarsenco.nl/images/how-to-get-free-robux-2021.pdfIn PDF document text
    • https://www.saisystem.it/images/pastebin-how-to-get-free-robux.pdfIn PDF document text
    • http://bned-leader.co.uk/images/how-to-hack-a-account-in-roblox.pdfIn PDF document text
    • http://kulturhusbabberich.nl/images/www-free-robux-me.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/free-robux-no-human-verification-2021-or-survey-or-offers.pdfIn PDF document text
    • http://palogar.es/images/robux-hack-ultimate-pro.pdfIn PDF document text
    • http://businessfit.com/images/cydia-roblox-hack.pdfIn PDF document text
    • https://www.ferienhausdirektkroatien.de/images/roblox-free-items-2021-december.pdfIn PDF document text
    • http://altc.de/images/free-roblox-robux-hack-generator-no-survey-2021.pdfIn PDF document text
    • http://hospitalsalamanca.cl/images/hack-mod-menu-roblox-2021.pdfIn PDF document text
    • https://www.tsdb.com.au/images/roblox-free-level-6-exploit-2021.pdfIn PDF document text
    • https://letturatarghe.it/images/how-to-create-your-own-robux-hack.pdfIn PDF document text
    • https://www.cosmosdawn.net/images/roblox-pokemon-brick-bronze-hack-download.pdfIn PDF document text
    • http://firstaidacademy.be/images/free-robux-codes-october-2021.pdfIn PDF document text
    • http://ns1.radiofacil.net/images/how-to-hack-roblox-with-inspect-element-2021.pdfIn PDF document text
    • http://agritrade-ukraine.com/images/how-to-get-free-robux-in-roblox-by-inspect-2021.pdfIn PDF document text
    • http://karldall.dk/images/i-love-free-robux.pdfIn PDF document text
    • https://www.hotschool.com.au/images/free-rape-script-for-roblox.pdfIn PDF document text
    • https://wandersuechtig.de/images/my-roblox-girlfriend-cheated-on-me.pdfIn PDF document text
    • http://wireprod.net/images/hack-admin-sword-roblox.pdfIn PDF document text
    • https://www.porthos.it/images/how-do-you-hack-roblox-adopt-me.pdfIn PDF document text
    • http://domaizdereva24.ru/images/free-account-giveaway-roblox-2021.pdfIn PDF document text
    • http://www.mikramarine.gr/images/best-free-items-on-roblox-2021.pdfIn PDF document text
    • http://thomas-hartl.at/images/scam-free-robux.pdfIn PDF document text
    • http://emilac.com/images/free-robux-no-survey-2021-working-august.pdfIn PDF document text
    • https://www.academiaanticorrupcion.org/images/roblox-execute-script-hack.pdfIn PDF document text
    • https://www.laarsenco.nl/images/how-to-hack-roblox-passwords-on-mobile.pdfIn PDF document text
    • http://traveltrucks.com.au/images/how-to-get-free-wings-on-roblox.pdfIn PDF document text
    • http://homequeen.de/images/roblox-script-button-for-hacks-fake.pdfIn PDF document text
    • http://www.rezbb.sk/images/reddit-free-robux.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/counter-blox-roblox-offensive-hacks-wall-hacks.pdfIn PDF document text
    • https://domoticaaplicada.com/images/the-easiest-way-to-get-free-robux.pdfIn PDF document text
    • http://www.friendshiptransport.net/images/roblox-cool-free-girl-looks.pdfIn PDF document text
    • http://echosvoix.ch/images/how-to-use-cheat-engine-on-roblox-without-shutdown-2021.pdfIn PDF document text
    • http://icomsolutions.com.au/images/mobile-roblox-hack-download.pdfIn PDF document text
    • https://gomsa.nl/images/roblox-hack-cheat-engine-2021.pdfIn PDF document text
    • http://gvtssp.org/images/hack-to-get-unlimited-robux-free.pdfIn PDF document text
    • http://aadvanderklaauw.nl/images/roblox-best-robux-hack.pdfIn PDF document text
    • http://huananhai.net/images/bloxburg-on-roblox-free-play.pdfIn PDF document text
    • http://condit-pack.com/images/cheat-roblox-musculation.pdfIn PDF document text
    • http://butkimloai.com/images/roblox-free-no-login.pdfIn PDF document text
    • https://www.air-shop.cz/images/roblox-admin-hacks-2021.pdfIn PDF document text
    +21 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008289.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8289 26576 bytes
SHA-256: 1d20847e9ed90b769b1b0edfcbfa77432b2ee6affec701bdea2c0f977b5464dc
font_01_sfnt_off0000bd7d.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBD7D 2896 bytes
SHA-256: 90d77d065f93150ee652ed3ce79924b5ebfcae47abf79a24366adbef9fa21c4a
font_02_sfnt_off0000c77c.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC77C 18136 bytes
SHA-256: 7eb8f7ae0bf73626c86846589e20889134158e3507b14e05c8ce9d034d4dc69e