PDF static analysis report

Static analysis result for SHA-256 98711b10aaeacc27…

SUSPICIOUS

PDF

60.4 KB Created: 2021-04-05 21:12:08 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-05
MD5: 7fb4f43eb9e6fc71e9f8c85518f86f39 SHA-1: a0d50d143dda3a6dd1dfe591c38e0c3f73c5fa62 SHA-256: 98711b10aaeacc2708462794878ec5eeae9f1feb077710515917754f06401ef1
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF document contains numerous embedded URLs and a heuristic firing for an external URI, all related to 'Roblox cheats' or 'hacks'. The presence of a 'download button' heuristic further suggests a lure to download potentially malicious content. The document body, though partially corrupted, contains text and URLs consistent with a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/cheats-that-make-you-get-staff-on-roblox-on-computer PDF link annotation
    • https://www.porthos.it/images/aplicacion-de-hacks-para-pc-en-roblox.pdfIn PDF document text
    • http://only1you.ru/images/hack-of-roblox.pdfIn PDF document text
    • http://www.anies.eu/images/how-do-i-get-free-robux-without-human-verification.pdfIn PDF document text
    • https://jdlgroup.ca/images/how-to-get-free-robux-on-hp-laptop.pdfIn PDF document text
    • http://cosmosdawn.net/images/how-to-hack-your-friends-in-roblox.pdfIn PDF document text
    • http://www.compusiteinc.com/images/hack-roblox-com-2021.pdfIn PDF document text
    • https://www.seeingindependence.org/images/how-to-hack-roblox-inspect.pdfIn PDF document text
    • https://gestionpatrimonial.net/images/money-for-roblox-strucid-free.pdfIn PDF document text
    • https://www.audev.com/images/images-of-jhon-do-hacker-roblox.pdfIn PDF document text
    • https://arcasict.nl/images/roblox-phantom-forces-aimbot-mod-download-free-2021.pdfIn PDF document text
    • http://nitetpl3.com/images/real-roblox-robux-hack.pdfIn PDF document text
    • http://www.sanjosedeminas.gob.ec/images/how-do-you-get-free-robux-no-human-verification.pdfIn PDF document text
    • http://www.les2alpes-location.com/images/black-clover-roblox-hack-script.pdfIn PDF document text
    • https://kinderdam.nl/images/free-hat-avatar-roblox.pdfIn PDF document text
    • http://www.ntc.edu.za/images/eli1t3-roblox-free-shirt.pdfIn PDF document text
    • http://modlingua.com/images/earn-free-robux-by-watching-videos-and-playing-games.pdfIn PDF document text
    • http://sandra-masemann.de/images/hacking-into-denis-daily-account-roblox.pdfIn PDF document text
    • http://bolandergroup.com/images/free-clothes-maker-roblox.pdfIn PDF document text
    • http://www.cosver.nl/images/how-to-sell-a-free-model-on-roblox-studio.pdfIn PDF document text
    • https://www.foodsafety.cz/images/robux-hack-generator-download.pdfIn PDF document text
    • http://www.lionel-seppoloni.fr/images/robux-hack-link.pdfIn PDF document text
    • https://bgescc.com/images/how-to-get-free-roblox-catalog-items-2021.pdfIn PDF document text
    • https://verdensbarn.no/images/roblox-build-a-boat-hack-nopde.pdfIn PDF document text
    • http://selectionspdf.fr/images/roblox-free-rthro-packages.pdfIn PDF document text
    • https://corbo.ru/images/the-app-that-gives-you-free-robux.pdfIn PDF document text
    • http://teknotools.net/images/roblox-parkour-hack-june-2021.pdfIn PDF document text
    • https://jdlgroup.ca/images/how-to-sell-a-tshirt-for-free-on-roblox.pdfIn PDF document text
    • https://www.iadh.bi/images/pastebin-free-robux-100-working-2021.pdfIn PDF document text
    • https://pa-waingapu.go.id/images/how-to-hack-roblox-accounts-2021-console.pdfIn PDF document text
    • http://www.maakherumusic.net/images/how-to-get-free-clothes-on-in-roblox.pdfIn PDF document text
    • https://masseymotorcars.com/images/free-robux-only-code-hack.pdfIn PDF document text
    • http://mostowicz.pl/images/roblox-tips-and-cheats.pdfIn PDF document text
    • http://brandyourbody.com/images/roblox-restaurant-tycoon-hack-luac.pdfIn PDF document text
    • http://domaizdereva24.ru/images/how-to-speed-hack-in-roblox-jailbreak-2021.pdfIn PDF document text
    • http://yogaschooldecypres.be/images/how-to-get-the-game-bloxtube-for-free-roblox.pdfIn PDF document text
    • https://consorziocsa-asicaivano.it/images/roblox-night-of-the-werewolf-cheats.pdfIn PDF document text
    • http://santeh-40.ru/images/how-hacks-for-trading-pet-simulator-roblox.pdfIn PDF document text
    • http://ghegamethu.vn/images/how-to-sell-roblox-items-for-free.pdfIn PDF document text
    • http://www.gadanie.lv/images/hacking-my-friends-roblox-account.pdfIn PDF document text
    • http://fmbompastor.com.br/images/how-to-change-my-roblox-name-for-free.pdfIn PDF document text
    • http://finalstand.org/images/hack-tool-roblox-lumber-tycoon-2.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/dayz-2-roblox-hack.pdfIn PDF document text
    • http://ivpr.net/images/best-roblox-avatars-free.pdfIn PDF document text
    • http://demenagementlandry.com/images/how-to-add-free-robux-to-your-account.pdfIn PDF document text
    • http://www.pacoestrada.it/images/ben-10-universal-showdown-cheats-codes-roblox.pdfIn PDF document text
    • https://www.brainpads.com/images/how-to-get-admin-commands-on-roblox-without-cheat-engine.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/roblox-murder-mystery-2-knife-hack.pdfIn PDF document text
    • https://www.albisser.ch/images/free-girl-roblox-clothes.pdfIn PDF document text
    • http://www.pro-futuro.eu/images/how-to-get-free-headphones-on-roblox-2021.pdfIn PDF document text
    +17 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008373.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8373 25308 bytes
SHA-256: a3ffffd005b67476e625d496862d42b2edc5aac3182723de17e7060296890db7
font_01_sfnt_off0000bc3d.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBC3D 2832 bytes
SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2
font_02_sfnt_off0000c5ed.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC5ED 19132 bytes
SHA-256: 38e9132d7ccff7a039a07478baa727db62728024c18d28f9edeff04d4fec8bff