PDF static analysis report

Static analysis result for SHA-256 9a788f3570ddc98f…

SUSPICIOUS

PDF

57.3 KB Created: 2021-04-06 00:20:59 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: 41d7ea4eaba250bc0a31edc4084b242c SHA-1: 9ab61bf00bd537e8a195477f63b7ff7181ea7acd SHA-256: 9a788f3570ddc98f7659ce93a576a848be6c4cee139319f2a0c66193181f99f5
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/protomaster-roblox-free PDF link annotation
    • http://stroygrad-spb.com/images/free-limited-items-roblox.pdfIn PDF document text
    • http://www.malonmalon.com.ar/images/hack-robux-in-pc-now-2021.pdfIn PDF document text
    • http://biccairo.com/images/free-robux-tutorial-2021.pdfIn PDF document text
    • http://biccairo.com/images/free-robux-scam-site.pdfIn PDF document text
    • http://echosvoix.ch/images/roblox-hack-peoples.pdfIn PDF document text
    • http://loszavera.com/images/roblox-cheat-codes-for-money-xbox-one.pdfIn PDF document text
    • https://www.gymun.cz/images/roblox-street-racing-unleashed-cheats.pdfIn PDF document text
    • http://www.comitatoiseo.org/images/como-ser-hacker-en-roblox-2021.pdfIn PDF document text
    • http://ktn.com.br/images/free-aesthetic-stuff-on-roblox.pdfIn PDF document text
    • http://www.awakeningtruth.org/images/roblox-hacked-accounts-list-2021-with-robux.pdfIn PDF document text
    • http://evro-okna.net/images/ex7-roblox-free.pdfIn PDF document text
    • https://www.mvp.co.nz/images/synapse-hack-roblox-download.pdfIn PDF document text
    • https://www.dierenartsberghman.be/images/how-to-get-free-robux-nicster.pdfIn PDF document text
    • http://www.hawler.in/images/roblox-robux-code-generator-download-free-no-human-verification.pdfIn PDF document text
    • http://ilifemarket.ru/images/roblox-free-username-change.pdfIn PDF document text
    • https://www.cfdcnv.com/images/new-logo-on-roblox-gives-40m-free-robux.pdfIn PDF document text
    • http://osteonad.com/images/free-robux-cheat-2021.pdfIn PDF document text
    • http://www.comitatoiseo.org/images/ultimate-driving-roblox-cheat-speeding.pdfIn PDF document text
    • http://sandra-masemann.de/images/roblox-bubble-gum-leviathan-free.pdfIn PDF document text
    • https://wandersuechtig.de/images/free-executor-roblox-2021.pdfIn PDF document text
    • https://amatq.ca/images/free-robux-no-verification-no-download-no-survey.pdfIn PDF document text
    • https://technospektr.com.ua/images/get-clothes-for-free-on-roblox.pdfIn PDF document text
    • http://hondenspecialist-engelien.nl/images/roblox-bird-simulator-hack-script.pdfIn PDF document text
    • https://newenglandafs.com/images/vip-server-roblox-free.pdfIn PDF document text
    • http://alarmed.pl/images/free-robux-with-no-human-verification-2021.pdfIn PDF document text
    • https://www.rondeberg.com/images/how-to-hack-roblox-2021-march.pdfIn PDF document text
    • http://www.anies.eu/images/play-free-games-roblox-com.pdfIn PDF document text
    • http://generatorgallery.com.au/images/how-to-get-free-robux-and-fast.pdfIn PDF document text
    • https://accord.kiev.ua/images/roblox-crown-free.pdfIn PDF document text
    • http://rushxpress.de/images/free-1-robux-a-day.pdfIn PDF document text
    • http://cleanteclogistics.com/images/rpg-world-cheats-roblox.pdfIn PDF document text
    • https://www.albisser.ch/images/https-wwwrobloxcom-catalog-keyword-freecategory-1direction-2.pdfIn PDF document text
    • http://seniornetwanganui.org.nz/images/roblox-apk-hack-mod.pdfIn PDF document text
    • http://bau-lk.de/images/how-to-get-22-500-robux-for-free.pdfIn PDF document text
    • https://www.ncscolour.no/images/roblox-multi-hack-2021.pdfIn PDF document text
    • http://bunadsmaria.com/images/free-pins-for-roblox.pdfIn PDF document text
    • http://icomsolutions.com.au/images/free-fast-ways-to-get-robux.pdfIn PDF document text
    • http://axia-verlag.at/images/abstract-free-roblox.pdfIn PDF document text
    • http://interpretation-dessins-enfants.net/images/how-to-cheat-in-booga-booga-roblox.pdfIn PDF document text
    • http://kulturlandschaften.eu/images/free-robux-and-tix-generator.pdfIn PDF document text
    • https://luminouswisdom.org/images/how-to-buy-robux-on-roblox-for-free.pdfIn PDF document text
    • http://dos.most.gov.la/images/roblox-cheatgg-safe.pdfIn PDF document text
    • http://belagrogen.by/images/hack-free-robux-2021.pdfIn PDF document text
    • http://lillysonthelake.com/images/dungeon-quest-roblox-hack-script-pastebin.pdfIn PDF document text
    • http://www.lionel-seppoloni.fr/images/april-12th-2021-roblox-hackings.pdfIn PDF document text
    • http://www.apocalissedigesucristo.com/images/roblox-flee-the-facility-hack-script.pdfIn PDF document text
    • http://www.gearestauri.it/images/free-roblox-games-that-give.pdfIn PDF document text
    • http://mechanism.gr/images/free-vip-server-for-roblox-gravity-shift.pdfIn PDF document text
    • https://www.stkdb.cz/images/how-to-hack-roblox-and-get-meep-city-coins-fast.pdfIn PDF document text
    +17 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008135.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8135 26708 bytes
SHA-256: b80effe78f0281efe358fac29a14837517041ef7c8a7c2db09e9b9f07d814cc9
font_01_sfnt_off0000bd17.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBD17 18116 bytes
SHA-256: f51362714406828c053be4f629c7715f3c23105900967023e163b83a3ba09375