PDF static analysis report

Static analysis result for SHA-256 b392b6e95689ed5c…

SUSPICIOUS

PDF

Size: 40.2 KB
Created: 2021-04-27 09:32:53 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-16
MD5: edc24911953ab6ad8bf2d0109a94762f
SHA-1: e333366ef48c8fd540cdc34dbb07c3d2d77c0fae
SHA-256: b392b6e95689ed5ccee343a166151ffe71698c523ab24688f56b407f9cbd0f67
Risk Score: 42

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document contains numerous links and a prominent call-to-action to download a 'Free Roblox Player' or 'Roblox Generator', strongly suggesting a lure for potentially unwanted or malicious software. The ML classifier also flagged this PDF with high confidence. The presence of multiple URLs related to game exploits and hacks further supports the malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9941

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://netcdn.xyz/app/431946152/free-roblox-player-download-game-hack (PDF link annotation)
    • http://www.saburai.ac.id/elibrary//repository/using-cheat-engine-on-roblox.pdf (in PDF document text)
    • http://www.saburai.ac.id/elibrary//repository/lazyblocks-com-free-robux-2021.pdf (in PDF document text)
    • http://www.saburai.ac.id/elibrary//repository/websites-to-hack-roblox-accounts.pdf (in PDF document text)
    • http://www.saburai.ac.id/elibrary//repository/robux-free-logiciel.pdf (in PDF document text)
    • http://www.saburai.ac.id/elibrary//repository/how-to-get-free-robux-in-roblox-iphone.pdf (in PDF document text)
    • http://www.saburai.ac.id/elibrary//repository/how-to-hack-into-files-to-get-robux.pdf (in PDF document text)
    • http://www.saburai.ac.id/elibrary//repository/como-tener-robux-gratis-hack.pdf (in PDF document text)
    • http://www.saburai.ac.id/elibrary//repository/how-to-get-roblox-bloxburg-for-free.pdf (in PDF document text)
    • http://www.saburai.ac.id/elibrary//repository/izuku-midoriya-roblox-free-schop.pdf (in PDF document text)
    • http://www.saburai.ac.id/elibrary//repository/roblox-free-modles.pdf (in PDF document text)
    • http://en.wikipedia.org/wiki/MIT_License (in PDF document text)

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename                    | Kind                    | Source                                   | Size
stream_003_off00003f0c.bin  | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3F0C | 25120 bytes
  SHA-256: 3ab3e50cacca1cf17d63fd9a95a73c2fdb5eb921a69e0ea95f87d508a9ea84db
font_01_sfnt_off000078e7.bin | pdf-font-stream        | PDF embedded font (sfnt) at offset 0x78E7 | 19016 bytes
  SHA-256: e7e4b0e4a04856165ac1067a59200403a579a5e326c64df834af0e5027e24e41