Malicious PDF — malware analysis report

Static analysis result for SHA-256 98585575610661e0…

MALICIOUS

PDF

Size: 239.3 KB
Created: 2021-04-05 04:42:27 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
MD5: 7c25b359ede8fe01aa4b57550cd38beb
SHA-1: 451789785854336f3816d1fdf5fedbbdd88df2ca
SHA-256: 98585575610661e020332ed84fcb4cd73a25cd88946ab3f03860b038a9d6c5ec
Risk Score: 102

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous embedded URLs, many of which are related to 'Robux hacks' and 'free Robux', indicating a phishing or scam attempt. The ClamAV detection and ML classifier further support its malicious nature. The presence of external URIs and embedded URLs suggests the document is designed to redirect users to malicious sites, likely to download further malware or steal credentials.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5773

Heuristics 4

  • ClamAV: Pdf.Phishing.Roblox062100-9873116-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Roblox062100-9873116-0
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/instant-hack-robux
    • http://ottawavalleykitchens.ca/images/roblox-free-30-robux.pdf
    • http://sealysports.com/images/roblox-hack-gui-free.pdf
    • http://ghegamethu.vn/images/hack-money-jailbreak-roblox.pdf
    • http://fratellimazzoleni.it/images/infinte-jump-hack-roblox.pdf
    • http://jdlrelocation.com/images/working-free-robux-hacks.pdf
    • http://rushxpress.de/images/beyond-roblox-hack-scriptr.pdf
    • http://jwcrownlimo.net/images/how-to-get-free-clothes-on-roblox-on-a-phone.pdf
    • http://subarulegacy.com/images/citizen-hacks-roblox-jailbrea.pdf
    • http://xn--apartementos-smfora-cala-ratjada-4vc.de/images/unlimited-roblox-hack-script.pdf
    • http://www.guidaturisticaverona.it/images/free-robux-download-ios.pdf
    • http://kruiz21.ru/images/how-to-get-free-robux-on-ipad-without-human-verification.pdf
    • https://kimolos-link.gr/images/roblox-how-to-get-everything-free-in-the-catalog.pdf
    • http://chartsmart.com.au/images/how-to-get-free-animations-on-roblox-2021.pdf
    • http://ptts.pl/images/ban-people-hack-roblox.pdf
    • http://sscclc.edu.ec/images/aimbot-hacks-for-roblox-cbro.pdf
    • http://joshherman.com/images/pastebin-free-robux-2021.pdf
    • http://www.thecoffeebaron.co.za/images/robux-extreme-hack-code.pdf
    • https://www.porthos.it/images/roblox-free-play-no-download-login.pdf
    • http://www.zdravazena.sk/images/cheats-to-dungeon-quest-roblox.pdf
    • http://iedarelief.us/images/roblox-adopt-me-pet-hacks.pdf
    • http://en.wikipedia.org/wiki/MIT_License

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off000369bb.bin
    SHA-256: b1904dd036117ba8a891af4dc20ce4779b9a4859b6549d07bf2bfbeba0bdfced
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x369BB
    Size: 21648 bytes
  • Filename: font_01_sfnt_off000398ad.bin
    SHA-256: 4dead086d1b905901dba1aa8909b5f2de1e0cb949dbe9cbd02d75d462497e68b
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x398AD
    Size: 17792 bytes