PDF static analysis report

Static analysis result for SHA-256 978c8dc2c17cba7f…

SUSPICIOUS

PDF

56.6 KB Created: 2021-04-05 21:01:26 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-22
MD5: 3a7c2cdef90a4d420cfb3dd099beb5c3 SHA-1: ffde795f4addf7e475c0a5f57972ec7e7dabc3bd SHA-256: 978c8dc2c17cba7f258c73def31a0381b6d9c21a467312ee4667cc1f5c17d965
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/trurkey-hack-roblox PDF link annotation
    • http://www.sapaengineering.kz/images/roblox-hack-iphone.pdfIn PDF document text
    • https://www.audev.com/images/hacking-is-allowed-roblox.pdfIn PDF document text
    • https://www.showalterpropertyconsultants.com/images/how-to-not-get-hacked-on-roblox.pdfIn PDF document text
    • http://principessalialaofegypt.com/images/how-to-get-free-roblox-items-2021.pdfIn PDF document text
    • https://www.olboys.it/images/how-to-find-out-who-hacked-your-roblox.pdfIn PDF document text
    • https://www.arquetopia.org/images/www-roblox-cheat-us-limite.pdfIn PDF document text
    • https://bancroftandsons.com/images/roblox-lumber-tycoon-2-spawn-hack.pdfIn PDF document text
    • http://ptts.pl/images/roblox-how-to-get-free-robux-without-hacking.pdfIn PDF document text
    • http://seniornetwanganui.org.nz/images/free-robux-for-downloading-apps.pdfIn PDF document text
    • https://mixdoors.ru:443/images/hacks-para-roblox-strucid.pdfIn PDF document text
    • http://bullyinformate.org/images/how-to-hack-roblox-admin.pdfIn PDF document text
    • http://bestmaids.co.uk/images/how-to-get-clothes-for-free-on-roblox.pdfIn PDF document text
    • https://kimolos-link.gr/images/websites-that-get-you-free-robux.pdfIn PDF document text
    • https://farkas.de/images/hacks-for-boku-no-legacy-alpha-2xexp-roblox.pdfIn PDF document text
    • http://www.imwd.it/images/kranberry-roblox-hack-download.pdfIn PDF document text
    • http://energotestcontrol.ru/images/bugmenot-roblox-2021-free.pdfIn PDF document text
    • https://www.coriglianocalabro.it/images/clout-goggles-roblox-hack-rb-world.pdfIn PDF document text
    • http://bau-lk.de/images/free-robux-quick-generator.pdfIn PDF document text
    • https://piscinasmundoacuatico.com/images/roblox-escape-room-theater-cheats.pdfIn PDF document text
    • https://bancroftandsons.com/images/how-to-get-any-free-robux-item.pdfIn PDF document text
    • https://kimolos-link.gr/images/roblox-speed-race-hacks-download.pdfIn PDF document text
    • http://www.adravietnam.org/images/roblox-rs-hack-download.pdfIn PDF document text
    • http://gaec.cl/images/roblox-bloxburg-free-play.pdfIn PDF document text
    • https://www.milewood.co.uk/images/get-anything-free-catalog-roblox.pdfIn PDF document text
    • https://zszolesno.pl/images/roblox-install-free-mac.pdfIn PDF document text
    • http://osteonad.com/images/roblox-how-to-get-in-bloxburg-for-free.pdfIn PDF document text
    • https://reggieslockandkey.com/images/roblox-4game-club-hack.pdfIn PDF document text
    • http://grahambettsmotors.com/images/cheat-engine-roblox-hack-client.pdfIn PDF document text
    • http://bilhetim.com.br/images/comment-installer-un-cheat-sur-cbro-roblox.pdfIn PDF document text
    • https://www.cnte.org.br/images/roblox-game-private-free.pdfIn PDF document text
    • http://bunadsmaria.com/images/how-to-hack-roblox-files.pdfIn PDF document text
    • https://pagadder.com/images/roblox-apocalypse-rising-2-teleport-hack.pdfIn PDF document text
    • http://panaceafamilymedicine.com/images/roblox-a-bizarre-day-cheats.pdfIn PDF document text
    • http://pa-tanjungselor.go.id/images/noclip-hack-roblox-wearedevs.pdfIn PDF document text
    • http://pdapanache.com/images/roblox-cheats-and-hacks-download.pdfIn PDF document text
    • http://brusivojimi.com/images/roblox-meme-hack-2021.pdfIn PDF document text
    • http://www.hawler.in/images/robux-card-codes-free.pdfIn PDF document text
    • http://yochin.org.tw/images/how-do-you-get-free-robux-2021.pdfIn PDF document text
    • https://kimolos-link.gr/images/free-robux-promo-codes-2021-may.pdfIn PDF document text
    • http://sudamericarural.org/images/how-to-call-roblox-for-hacked-account.pdfIn PDF document text
    • http://steklofara.com.ua/images/get-robux-for-free-and-quickly.pdfIn PDF document text
    • https://www.devries-group.de/images/how-do-you-change-your-username-in-roblox-for-free.pdfIn PDF document text
    • http://giolantapepe.gr/images/free-robux-2021-no-waiting-instant-no-inspect.pdfIn PDF document text
    • https://www.alu-as.cz/images/roblox-royale-high-cheats-for-diamonds-2021-december.pdfIn PDF document text
    • https://bdsm-centrum.com/images/all-free-roblox-hats.pdfIn PDF document text
    • http://gods-own.org/images/hacking-roblox-accounts-2021.pdfIn PDF document text
    • http://gestibrok.com/images/free-followers-on-roblox-no-human-verification.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/pastebin-roblox-accounts-hack.pdfIn PDF document text
    • http://www.malonmalon.com.ar/images/4-elements-tycoon-roblox-how-do-get-free-wrath-hammer.pdfIn PDF document text
    +17 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off000080a3.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x80A3 25904 bytes
SHA-256: c0860f6a353b519f8381a797896ad4a3b56f43fc7919eb3cc00010ed0d3e706f
font_01_sfnt_off0000bac9.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBAC9 17876 bytes
SHA-256: e5e7e42be71b53a4e8143dd28308ba6a72f7e7eb98053f3702fbc7e627fb9e68