Malicious PDF — malware analysis report

Static analysis result for SHA-256 b3221da91d50e76e…

MALICIOUS

PDF

Size: 216.6 KB
Created: 2021-04-04 23:22:53 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 32e97bd1e5b8732d3d6926da7512d95f
SHA-1: c7063077cc8cc8c43df66facc82b4e562ed78d74
SHA-256: b3221da91d50e76ea2689176ce0411b3f4b36e2cef71e3ae9941b82af5d742fa
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a phishing attempt related to Roblox hacks. It contains an external URI pointing to a website that likely hosts further malicious content or exploits. The document body, though heavily obfuscated, suggests a lure related to 'Roblox Mad City Hack Money Francais'. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5087

Heuristics 3

  • ClamAV: Pdf.Phishing.Roblox062100-9873116-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Roblox062100-9873116-0
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/roblox-mad-city-hack-money-francais (PDF link annotation)