PDF static analysis report

Static analysis result for SHA-256 ab7df0abeb99dafa…

SUSPICIOUS

PDF

60.2 KB Created: 2021-04-05 22:39:20 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-27
MD5: 01e23d0d17e15e50bda86b6c507a9ad9 SHA-1: dbcaec53c95b1ee3f51319530b69f92a3c52f905 SHA-256: ab7df0abeb99dafaeef546f54cdb02d1b644c69edd9f6db5a115c8b5d17bd6db
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous links related to Roblox exploits and free Robux, suggesting a lure for users interested in these topics. The ML classifier flagged the PDF as malicious, and the presence of external URIs further supports a malicious intent. Although no scripts were directly extracted, the document's structure and embedded URLs indicate it's designed to redirect users to potentially harmful websites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/3-roblox-games-that-give-free-robux PDF link annotation
    • https://www.sitiwebjoomla.it/images/roblox-how-to-make-ranks-in-groups-for-free.pdfIn PDF document text
    • http://cristalysoptic.com/images/roblox-hacks-developer-console.pdfIn PDF document text
    • http://www.inservis.cl/images/how-to-hack-people-on-roblox-2021.pdfIn PDF document text
    • http://brandyourbody.com/images/hack-de-robux-gratis.pdfIn PDF document text
    • http://nosocomium.rv.ua/images/boku-no-roblox-quirk-hacks.pdfIn PDF document text
    • http://shahriyarclimb.com/images/denis-free-robux-app.pdfIn PDF document text
    • http://kruiz21.ru/images/yt-how-download-script-hack-roblox-jailbreak-2021.pdfIn PDF document text
    • http://optsuvenir.by/images/robux-for-free-quick-and-easy.pdfIn PDF document text
    • http://axia-verlag.at/images/roblox-free-boy-clothes.pdfIn PDF document text
    • http://stomatolog-choszczno.pl/images/how-to-hack-admin-commands-on-roblox-android.pdfIn PDF document text
    • http://portal.crfsp.org.br/images/how-to-get-roblox-admin-with-cheat-engine.pdfIn PDF document text
    • http://nouveaupavillon.fr/images/get-free-robux-without-downloading-anything.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/esp-aimbot-wall-hacks-roblox-first-person-shooter-gui.pdfIn PDF document text
    • http://www.bestyears.co.uk/images/fun-robux-hack.pdfIn PDF document text
    • http://nevesomost.by/images/how-to-get-hacks-for-jaiil-brake-in-roblox.pdfIn PDF document text
    • http://beer-holzhaus.ch/images/roblox-donegon-quest-level-hack.pdfIn PDF document text
    • http://www.maakherumusic.net/images/free-roblox-game-card.pdfIn PDF document text
    • http://www.fluidtech.hu/images/dont-take-damage-hack-roblox.pdfIn PDF document text
    • http://www.bripi.pl/images/how-to-hack-money-in-gta-5-roblox.pdfIn PDF document text
    • https://www.utalii.ac.ke/images/roblox-shower-simulator-cheats.pdfIn PDF document text
    • http://yogaschooldecypres.be/images/make-a-free-roblox-account.pdfIn PDF document text
    • http://consultinggirona.es/images/hacks-to-get-robux-2021.pdfIn PDF document text
    • http://damvallei.be/images/roblox-music-id-break-free.pdfIn PDF document text
    • https://www.albisser.ch/images/free-roblox-account-2021.pdfIn PDF document text
    • https://www.shin.ge/images/play-roblox-online-for-free-no-download.pdfIn PDF document text
    • http://smoothjazzclub.net/images/hacker-de-robux-para-roblox.pdfIn PDF document text
    • http://centuriatus.com/images/roblox-cheat-engine-speed-hack-2021.pdfIn PDF document text
    • http://echosvoix.ch/images/how-to-user-cheat-buddy-roblox.pdfIn PDF document text
    • http://mydevice.com.au/images/robux-free-codes-2021.pdfIn PDF document text
    • https://pa-waingapu.go.id/images/rhow-to-get-free-robux.pdfIn PDF document text
    • https://socialvalue.gr/images/roblox-hack-in-2021-in-all-games.pdfIn PDF document text
    • http://bullyinformate.org/images/cheat-codes-in-work-out-simulator-in-roblox.pdfIn PDF document text
    • http://w-i-r.de/images/broken-bones-iv-roblox-hack.pdfIn PDF document text
    • https://www.albisser.ch/images/hack-robux-infinitos-roblox.pdfIn PDF document text
    • http://wattkit.com/images/brand-new-free-robux.pdfIn PDF document text
    • https://gabrieliassociati.com/images/infinite-robux-hack.pdfIn PDF document text
    • http://addair.co.uk/images/hack-explosin-roblox-pizza-place.pdfIn PDF document text
    • http://axiapublishers.com/images/pastebin-com-free-robux-promocode.pdfIn PDF document text
    • http://learningarabic.co.uk/images/flame-gg-free-robux-https-flame-gg-zeph.pdfIn PDF document text
    • http://lakomat.by/images/free-robux-obby-no-scam.pdfIn PDF document text
    • http://lechia-sedziszow.pl/images/cheat-bar-codes-for-roblox.pdfIn PDF document text
    • https://www.milewood.co.uk/images/hackcom-for-roblox.pdfIn PDF document text
    • http://www.centromedicoaurora.it/images/now-to-get-free-robux.pdfIn PDF document text
    • https://www.sitiwebjoomla.it/images/free-stuff-in-roblox-2021.pdfIn PDF document text
    • https://ghpa.ru/images/add-something-to-inventory-for-free-roblox.pdfIn PDF document text
    • https://www.abrapppe.org.br/images/how-to-get-free-robux-on-ios-2021.pdfIn PDF document text
    • http://kruiz21.ru/images/no-verify-free-robux.pdfIn PDF document text
    • http://standart-lab.ru/images/roblox-fly-hack-november-2021.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/free-robux-no-human-verification-no-survey-2021.pdfIn PDF document text
    +8 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off0000819f.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x819F 24540 bytes
SHA-256: ccd6fe41cd7d00cc54282572dd87a7d134641d8fc4e664c4a335ca92d5eadaac
font_01_sfnt_off0000b9ee.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xB9EE 3884 bytes
SHA-256: 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf
font_02_sfnt_off0000c695.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC695 18676 bytes
SHA-256: cf89c5773435c6f35bf62e05772002afb15c347340565c459652bd4aea1e047f