PDF static analysis report

Static analysis result for SHA-256 ca6b7053abd5403e…

SUSPICIOUS

PDF

59.4 KB
Created: 2021-04-05 20:59:52 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-23
MD5: 663351789f7ead477987d802cfdc9f75
SHA-1: 26aadde20cf8a096a8ea99e7a0f3d97d5ac6542c
SHA-256: ca6b7053abd5403e781eb58380353d8a08bf7c53b2c98dc695c598e092db5794
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/script-roblox-hack-2021-notepad-script-pack PDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0000857c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x857C | 27736 bytes
  SHA-256: c33918b1e85eafc4d92afbd69c98ccf2a40400cb6ec3d2e55cce4ed00feaee0f
font_01_sfnt_off0000c35d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC35D | 18684 bytes
  SHA-256: c4c0088175c0c73e1997f4ea090631c34d6357820ce2b29d9838d2e6abb4812c