Malicious PDF — malware analysis report

Static analysis result for SHA-256 cc3b0d6e40132de7…

MALICIOUS

PDF

Size: 234.5 KB
Created: 2021-04-04 10:03:20 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-25
MD5: 3ec319f4532ef92663ba8d8198837ff7
SHA-1: 4f223b6053c2d2f1dded64345a41bb494ee4c458
SHA-256: cc3b0d6e40132de74bc4d893945df0be5e555fd8c5f5101dc20bd7ec8b17637a
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file uses an image-based lure. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7268

Heuristics (4)

  • ClamAV: Pdf.Phishing.Roblox062100-9873116-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Roblox062100-9873116-0
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 234 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00037f4f.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x37F4F
Size: 19548 bytes
SHA-256: 32c13ffaa2f7d452ce6f81898a9dcf6ccadb1c405132e396d71b8a3b308d1f2f