PDF static analysis report

Static analysis result for SHA-256 a7abb53acfa0347e…

SUSPICIOUS

PDF

60.9 KB Created: 2021-04-05 19:49:50 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-27
MD5: 49eed4af1e958933098f2ccce3c07d78 SHA-1: 0fe7adde7b004a514862649282a10b8081bb6bad SHA-256: a7abb53acfa0347e204502e38e480271b39770b5b3cd608019d23d1732e1ddc8
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF document contains numerous URLs related to Roblox cheats and hacking, with one prominent URL suggesting a download. The ML classifier also flagged the document as malicious. The presence of a download button heuristic further supports the intent to trick the user into downloading a potentially malicious file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/discord-king-of-queen-roblox-cheat PDF link annotation
    • https://cdu-lengerich.de/images/videos-de-como-ser-hacker-en-roblox-2021.pdfIn PDF document text
    • https://hbpbenin.com/images/cheat-engine-hack-roblox-rpg.pdfIn PDF document text
    • http://medicalafrica.net/images/roblox-script-changer-hack.pdfIn PDF document text
    • http://www.mosaikshop.at/images/comment-hacker-vehicule-simulator-sur-roblox-2021.pdfIn PDF document text
    • http://jdlrelocation.com/images/how-to-hack-into-peoples-roblox-accounts.pdfIn PDF document text
    • https://jdlgroup.ca/images/codes-for-skyscraper-tycoon-roblox-that-give-free-robux.pdfIn PDF document text
    • http://www.prylfabriken.se/images/how-roblox-got-hacked.pdfIn PDF document text
    • http://moralcenter.or.th/images/bxworld-free-robux.pdfIn PDF document text
    • http://biccairo.com/images/anonymous-hacker-script-roblox.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/free-robux-glitch-xbox-one-2021.pdfIn PDF document text
    • https://www.albisser.ch/images/hacker-roblox-bob-esponja.pdfIn PDF document text
    • http://lllaw.eu/images/roblox-invisible-hack-2021.pdfIn PDF document text
    • http://rainbowbuddha.academy/images/codes-to-hack-roblox.pdfIn PDF document text
    • http://nevesomost.by/images/games-for-free-to-play-fortnite-like-roblox.pdfIn PDF document text
    • https://www.archimadrid.org/images/infinte-jump-hack-roblox.pdfIn PDF document text
    • http://linens.kiev.ua/images/hack-jailbreak-roblox-2021-krankheit.pdfIn PDF document text
    • https://www.iadh.bi/images/free-bc-roblox-accounts-2021.pdfIn PDF document text
    • http://clubpure.org/images/how-to-get-free-robux-on-your-phone.pdfIn PDF document text
    • http://accesslabs.ca/images/games-o-roblox-that-allow-free-song-id.pdfIn PDF document text
    • http://www.nicoifruttidelchicco.org/images/how-to-cheat-at-boku-no-roblox-remastered.pdfIn PDF document text
    • http://legs11.co.za/images/hacker-face-roblox.pdfIn PDF document text
    • http://britishcomics.com/images/doge-roblox-hat-free.pdfIn PDF document text
    • http://www.fanciullovito.it/images/roblox-create-an-audio-free.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/bee-swarm-hack-roblox.pdfIn PDF document text
    • http://bressanassessoria.com.br/images/robux-com-free-robux.pdfIn PDF document text
    • http://getthelook-bkk.com/images/how-to-get-roblox-bc-for-free.pdfIn PDF document text
    • https://www.manisoft.ir/images/5-morph-to-look-like-a-hacker-in-roblox.pdfIn PDF document text
    • http://www.compusiteinc.com/images/free-robux-generator-roblox-no-survey-pc.pdfIn PDF document text
    • http://energotestcontrol.ru/images/how-to-hack-teleport-in-roblox.pdfIn PDF document text
    • http://paro.net.ua/images/life-in-paradise-roblox-hacks.pdfIn PDF document text
    • https://www.ukrtrans.biz/images/roblox-plus-download-free.pdfIn PDF document text
    • https://pa-waingapu.go.id/images/how-to-make-hack-models-in-roblox.pdfIn PDF document text
    • http://portal.crfsp.org.br/images/how-to-inspect-free-robux.pdfIn PDF document text
    • http://cosver.eu/images/hack-initiate-unlimited-free-robux-40m.pdfIn PDF document text
    • http://www.inservis.cl/images/roblox-free-downloader-igg.pdfIn PDF document text
    • https://www.iadh.bi/images/how-to-get-free-robux-by-calling-roblox.pdfIn PDF document text
    • https://www.stoehr-sauer.de/images/hack-off-roblox.pdfIn PDF document text
    • http://finalstand.org/images/my-roblox-place-hack-by.pdfIn PDF document text
    • http://lv-siegen.de/images/how-to-get-400-robux-on-roblox-for-free.pdfIn PDF document text
    • http://cmfd.nl/images/how-get-new-outfit-in-roblox-for-free.pdfIn PDF document text
    • http://hindicenter.com/images/how-to-get-halo-for-free-roblox.pdfIn PDF document text
    • http://alpen-seeblick.at/images/the-cheat-for-roblox.pdfIn PDF document text
    • http://biljartenbarendrecht.nl/images/anti-hacker-roblox.pdfIn PDF document text
    • http://ilijakom.com/images/cool-face-roblox-free.pdfIn PDF document text
    • http://www.campiresine.it/images/free-robux-without-survey-or-download.pdfIn PDF document text
    • http://bkd1.balikpapan.go.id/images/roblox-hack-autohotkey-roblox-piano-player.pdfIn PDF document text
    • https://www.romedia.gr/images/how-to-get-free-schrt-in-robux-copyng-it.pdfIn PDF document text
    • http://lanoblaie.fr/images/how-to-get-10k-robux-by-redeem-code-free.pdfIn PDF document text
    • http://imp.lg.ua/images/free-robux-glitch-december-2021.pdfIn PDF document text
    +13 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off000080c8.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x80C8 27248 bytes
SHA-256: 8512a9d18499e90aa5f5ae906227c6df3c52bde88b1108a68457443de7b5e060
font_01_sfnt_off0000bdea.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBDEA 2832 bytes
SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2
font_02_sfnt_off0000c79a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC79A 19216 bytes
SHA-256: bb4511308695687f1265174586f65168953639c5511874cb3e89c5a2d869417c