PDF static analysis report

Static analysis result for SHA-256 c14388ea70c62425…

Verdict: SUSPICIOUS
File type: PDF
Size: 56.9 KB
Created: 2021-04-05 23:07:43 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-29
MD5: bf142ddcc0b248d986e1b7b098b051bf
SHA-1: 156e6b41e44bd44fd2f965cb1a50b68a414268c4
SHA-256: c14388ea70c624257b76d4afef06b1b4b3dd64be858f86c332fdd74c4175aa1e
Risk score: 50

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF was flagged as suspicious by the Nyx PDF classifier (malicious score 0.7795). The only heuristic hits are two low-signal social-engineering lures (urgency/deadline language and a "download" call-to-action) plus informational URL findings; no JavaScript, launch-action or embedded-file finding is reported, so the risk is in where the document sends the reader, not in exploit content inside the file. The document body is a long list of links to "free Robux" / Roblox cheat PDFs hosted under /images/ on many unrelated domains, and the extracted link annotation points at gaminggenerator.org; together with the wkhtmltopdf producer string (an HTML page rendered to PDF) this is consistent with web-scraped lure content rather than a hand-built document. The specific URLs, labelled by the channel that reached them, are listed under the Embedded URL finding below.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics (4)

  • Urgency / deadline lure [low] SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.). Useful context, but low-signal without other findings.
  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). Low-signal unless other findings point to a malicious workflow.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL label for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/cheats-for-blodody-mary-roblox (PDF link annotation)
    • https://www.nema.go.ke/images/free-robux-for-kids-no-human-verification.pdf (in PDF document text)
    • http://lv-siegen.de/images/roblox-studio-cheat-sheets.pdf (in PDF document text)
    • http://chocolats-boccardi-carcassonne.com/images/infinite-jump-roblox-jump-hack.pdf (in PDF document text)
    • http://lcs-schlieben.de/images/free-robux-pastebin-30.pdf (in PDF document text)
    • http://www.pro-futuro.eu/images/how-to-get-free-robux-fast-and-easy-2021.pdf (in PDF document text)
    • https://www.shin.ge/images/noclip-roblox-hack-download-2021.pdf (in PDF document text)
    • http://www.zdravazena.sk/images/how-to-change-your-robux-name-for-free.pdf (in PDF document text)
    • https://bancroftandsons.com/images/roblox-hack-ghost.pdf (in PDF document text)
    • http://ottawavalleykitchens.ca/images/free-robux-hack-generator-no-app-download.pdf (in PDF document text)
    • http://cleanteclogistics.com/images/robux-hack-trackid-sp006.pdf (in PDF document text)
    • https://meltonschool.org/images/best-free-girls-roblox-outfits.pdf (in PDF document text)
    • http://verenacrow.at/images/how-to-get-free-in-catalog-roblox.pdf (in PDF document text)
    • https://amatq.ca/images/esp-cheat-engine-roblox.pdf (in PDF document text)
    • https://lobergetart.se/images/how-to-get-free-clothes-on-roblox-without-bc.pdf (in PDF document text)
    • http://sbm-nn.ru/images/free-and-easy-robux.pdf (in PDF document text)
    • http://agrao.in/images/how-to-earn-free-robux-online.pdf (in PDF document text)
    • https://www.albisser.ch/images/gg-roblox-hack.pdf (in PDF document text)
    • https://esl.ipb.ac.id/images/hacking-in-roblox-colour-cubes.pdf (in PDF document text)
    • https://corbo.ru/images/roblox-fly-hack-code.pdf (in PDF document text)
    • http://musical-arts.de/images/free-roblox-hacks-for-good.pdf (in PDF document text)
    • http://bullyinformate.org/images/hack-para-jailbreak-roblox-2021-dinero-infinito.pdf (in PDF document text)
    • https://www.stkdb.cz/images/free-robux-builders-club.pdf (in PDF document text)
    • https://europainstitut.hu/images/free-model-games-roblox.pdf (in PDF document text)
    • http://www.beged.at/images/roblox-anime-cross-hack.pdf (in PDF document text)
    • http://salantiskis.lt/images/robux-maniac-hack-for-free-pin.pdf (in PDF document text)
    • http://www.drent.se/images/roblox-lua-hack.pdf (in PDF document text)
    • http://www.prylfabriken.se/images/is-bloxburg-roblox-free.pdf (in PDF document text)
    • https://osk-sibir.ru/images/is-free-robux-real.pdf (in PDF document text)
    • https://www.utalii.ac.ke/images/free-robux-generator-for-roblx.pdf (in PDF document text)
    • http://www.occquimica.com.br/images/5-free-robux-games.pdf (in PDF document text)
    • http://roberto-gac.org/images/https-hack-de-robux-roblox-robux.pdf (in PDF document text)
    • http://eooe.gr/images/how-to-hack-jailbreak-roblox-ios.pdf (in PDF document text)
    • http://ims-77.fr/images/como-hackear-cuentas-de-roblox-2021.pdf (in PDF document text)
    • http://www.marambio.com.ar/images/roblox-high-school-money-hack-2021.pdf (in PDF document text)
    • http://www.jureclomas.com.ar/images/codes-roblox-free-items.pdf (in PDF document text)
    • http://zarinnameh.ir/images/rblx-gg-roblox-free-robux.pdf (in PDF document text)
    • https://www.yewtreealpacas.co.uk/images/game-pass-roblox-free.pdf (in PDF document text)
    • http://uptodate.az/images/username-and-password-roblox-generator-hack.pdf (in PDF document text)
    • https://aniruddhasadm.com/images/haxteamcf-free-robux-generator.pdf (in PDF document text)
    • http://rumler.pl/images/roblox-robux-hack-generator-no-survey-2021.pdf (in PDF document text)
    • http://spstrading-th.com/images/hacking-dungeon-quest-roblox-2021.pdf (in PDF document text)
    • https://gomsa.nl/images/street-fighting-simulator-infinity-stat-hack-roblox.pdf (in PDF document text)
    • http://xn----ttbgfkcjc5fd.xn--p1ai/images/roblox-hack-more-robux.pdf (in PDF document text)
    • http://www.exikom.com.ua/images/roblox-plaza-hack.pdf (in PDF document text)
    • http://saip.ws/images/bleu-roblox-hack-free.pdf (in PDF document text)
    • https://enpav.it/images/free-robux-pastebin-hack.pdf (in PDF document text)
    • https://www.udivadlahotel.cz/images/hack-counter-blox-roblox-offensive-2021.pdf (in PDF document text)
    • http://safwafurniture.com/images/hacking-my-brothers-roblox-acaawaant.pdf (in PDF document text)
    • https://freerobux.cyou (in PDF document text)
    +12 more URL(s)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: stream_003_off00008021.bin
  Kind: decompressed-pdf-stream
  Source: PDF FlateDecoded stream at offset 0x8021
  Size: 25064 bytes
  SHA-256: 7479781da6feba90fbd74784077c048940ecf3da4563721f5f6553897fc6dc63
Filename: font_01_sfnt_off0000ba82.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xBA82
  Size: 18420 bytes
  SHA-256: 696f3cd9c3b6922b686a6f342c750139e0dbfd2e34e38242e5d854af8ba2b1b8
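The per-URL channel labels in the Embedded URL finding above and the stream carving in this artifacts table rest on the same two steps: inflate each FlateDecode stream (recording its offset, decoded size and SHA-256) and then search for URLs in each channel separately, so that a URL wired to a click action (/Link annotation with a /URI action) is not conflated with one that merely appears in the rendered body text. The Python below is an added example written for this page, not the analyser's own code. It builds a small constructed PDF (one compressed content stream whose text carries a URL, one /Link annotation whose /URI is a different URL), carves the stream, labels each URL by channel and derives the same three tags the report uses. The example.test URLs, the regex-based parsing and the tag logic are assumptions of this example; a production tool needs a real PDF object parser (hex strings, escaped parentheses, object streams, /Length-based stream bounds, font-encoded text).

```python
"""Carve FlateDecode streams and label URLs by channel (added example; the
PDF it parses is constructed below and is not the analysed sample)."""
import hashlib
import re
import zlib

# 'stream' keyword not preceded by 'end', data up to the matching 'endstream'.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# Only the literal-string form /URI (...) is handled; hex strings and escaped
# parentheses need a real object parser (assumption of this toy).
URI_ANNOT_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
URL_RE = re.compile(rb"https?://[^\s()<>\"'\\]+")
CTA_PHRASES = (b"click here to download", b"download now")  # SE_DOWNLOAD_BUTTON


def build_sample_pdf() -> bytes:
    """Constructed one-page PDF: a Flate-compressed content stream whose text
    carries one URL, and a /Link annotation whose /URI is a different URL."""
    text = b"BT /F1 12 Tf 72 700 Td (Download Now: http://example.test/body-link.pdf) Tj ET"
    packed = zlib.compress(text)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed)
        + packed + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 696 300 712] "
        b"/A << /S /URI /URI (http://example.test/app/download) >> >>",
    ]
    pdf = b"%PDF-1.4\n"
    for num, obj in enumerate(objs, 1):
        pdf += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def carve_streams(pdf: bytes) -> list:
    """One record per stream object: offset of the stream data, decoded bytes,
    decoded size and SHA-256 (the fields of the extracted-artifacts table)."""
    carved = []
    for m in STREAM_RE.finditer(pdf):
        obj_start = max(pdf.rfind(b" obj", 0, m.start()), 0)
        raw = m.group(1)
        if b"/FlateDecode" in pdf[obj_start:m.start()]:
            try:
                # decompressobj returns what it can from a truncated stream
                data, kind = zlib.decompressobj().decompress(raw), "decompressed-pdf-stream"
            except zlib.error:
                data, kind = raw, "undecodable-stream"
        else:
            data, kind = raw, "raw-pdf-stream"
        carved.append({"offset": m.start(1), "kind": kind, "size": len(data),
                       "sha256": hashlib.sha256(data).hexdigest(), "data": data})
    return carved


def extract_urls(pdf: bytes, streams: list) -> dict:
    """Map each URL to the channel(s) that reached it.  /URI actions are a
    click-through (searched in raw objects and in decoded streams, since
    object streams may hold annotations); body text is only what survives in
    decoded content streams.  Font-encoded (CID/hex) text is missed here."""
    found = {}

    def add(url: bytes, channel: str) -> None:
        found.setdefault(url.rstrip(b".,;").decode("latin-1"), set()).add(channel)

    for blob in [pdf] + [s["data"] for s in streams]:
        for m in URI_ANNOT_RE.finditer(blob):
            add(m.group(1), "PDF link annotation")
    for s in streams:
        for m in URL_RE.finditer(s["data"]):
            add(m.group(0), "PDF document text")
    return {url: sorted(channels) for url, channels in found.items()}


def heuristics(streams: list, urls: dict) -> set:
    """Tags in the style of the report above: a CTA phrase alone is low
    signal; CTA plus an external link action is the combination to review."""
    tags = set()
    text = b" ".join(s["data"] for s in streams).lower()
    if any(p in text for p in CTA_PHRASES):
        tags.add("SE_DOWNLOAD_BUTTON")
    if any("PDF link annotation" in ch for ch in urls.values()):
        tags.add("PDF_URI")
    if urls:
        tags.add("EMBEDDED_URL")
    return tags


def analyze(pdf: bytes) -> dict:
    streams = carve_streams(pdf)
    urls = extract_urls(pdf, streams)
    return {"streams": streams, "urls": urls, "tags": heuristics(streams, urls)}


if __name__ == "__main__":
    report = analyze(build_sample_pdf())
    for s in report["streams"]:
        print(f"stream at 0x{s['offset']:X}: {s['kind']}, {s['size']} bytes, sha256={s['sha256']}")
    for url, channels in sorted(report["urls"].items()):
        print(f"{url}  <- {', '.join(channels)}")
    print("tags:", sorted(report["tags"]))
```

Run as-is it prints one carved stream, the annotation URL labelled "PDF link annotation", the body URL labelled "PDF document text", and the tags SE_DOWNLOAD_BUTTON, PDF_URI, EMBEDDED_URL. The point of keeping the channels apart is triage: the annotation target is what a click actually fetches and is the indicator worth blocking, while body-text URLs (the long /images/ list in this sample) are content to pivot on, not necessarily reachable from the document.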