PDF static analysis report

Static analysis result for SHA-256 b7bc7d7e5b7cb2b9…

Verdict: SUSPICIOUS
File type: PDF
Size: 57.3 KB
Created: 2021-04-05 18:57:59 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-16
MD5: 666b392c599aa53cbce22e2e0f3a142a
SHA-1: 58050bf5d47fbfebeed0b958face929f2e38c3c4
SHA-256: b7bc7d7e5b7cb2b977e4b87ac267605a24b37fcd9ca721e4501892c450a2c897
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous URLs, many of which are related to Roblox cheats and hacks, suggesting a lure for users interested in such content. The presence of an external URI pointing to 'gaminggenerator.org' and the ML classifier flagging the PDF as malicious indicate a high likelihood of malicious intent. The document body, though partially corrupted, contains references to Roblox and a URL, reinforcing the phishing or malware distribution theme.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.7795

Heuristics (3)

  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
  • External URI (severity: info, ID: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/roblox-oprewards-hack (channel: PDF link annotation)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_003_off00008265.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8265 | 25260 bytes
  SHA-256: 50d0c15e9b3bf0477aab946b417f6828b8100688381f629054975ea8cf281dce
font_01_sfnt_off0000bc29.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBC29 | 18260 bytes
  SHA-256: fb15a4e1ce4e8ac544499aa9b8a3df2b642d2e7649a772315fade2a9ba7c1193