PDF static analysis report

Static analysis result for SHA-256 cd2833c31f686379…

SUSPICIOUS

PDF

60.1 KB Created: 2021-04-05 19:11:56 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-27
MD5: ae4cf740b21401ac61b0b0e6490be1b6 SHA-1: eafd84ac4fbef9ec96259272f7229b01bc867824 SHA-256: cd2833c31f686379c41fade1e3c2fa1931aa74a7b2a06e44a68458cd0ae95e01
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous URLs and a prominent call-to-action related to obtaining free Robux, a common lure for phishing and malware distribution. The ML classifier also flagged this PDF as malicious. While no scripts were explicitly extracted, the presence of embedded URLs and the nature of the lure suggest an attempt to trick users into downloading a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/free-robux-no-survreys PDF link annotation
    • https://icefuture.ru/images/roblox-song-id-billie-elish-free.pdfIn PDF document text
    • http://iacovoulaw.com/images/how-to-get-free-robux-easy-way-2021.pdfIn PDF document text
    • http://baah.ca/images/cheat-roblox-tower-defense.pdfIn PDF document text
    • http://asiasieja.pl/images/how-to-get-free-robux-2021-not-patched.pdfIn PDF document text
    • http://www.evaplast.by/images/free-robux-codes-2021-march.pdfIn PDF document text
    • https://socialvalue.gr/images/roblox-robux-hack-2021-cheat-engine.pdfIn PDF document text
    • http://lichtdrukkerijwijchen.nl/images/case-island-roblox-hack.pdfIn PDF document text
    • https://www.seeingindependence.org/images/free-clothing-group-roblox.pdfIn PDF document text
    • http://ivalor.fr/images/roblox-free-set.pdfIn PDF document text
    • http://ozonizarint.com/images/roblox-meepcity-free-plus.pdfIn PDF document text
    • http://jugendfeuerwehr-scheinfeld.de/images/how-to-hack-an-account-roblox.pdfIn PDF document text
    • http://echosvoix.ch/images/free-robux-and-tix-generator-online.pdfIn PDF document text
    • http://fiur-malermeister.de/images/roblox-play-for-free-online-no-download.pdfIn PDF document text
    • http://apostolosandreaslemesou.com/images/roblox-hacks-pc.pdfIn PDF document text
    • http://www.pacoestrada.it/images/robux-hacks-that-actually-work-for-everyone-on-roblox.pdfIn PDF document text
    • http://www.mediaxin.net/images/free-song-id-roblox.pdfIn PDF document text
    • http://www.cuniv-naama.dz/images/free-download-roblox-infinite-jump-real.pdfIn PDF document text
    • http://seytarehco.com/images/you-promised-my-son-you-would-give-him-free-robux.pdfIn PDF document text
    • http://pa-tanjungselor.go.id/images/free-2021-robux-no-human-verification-easy.pdfIn PDF document text
    • https://ghpa.ru/images/how-to-hack-an-roblox-account-2021.pdfIn PDF document text
    • http://biotronics.com.cy/images/how-to-get-robux-on-roblox-with-cheat-engine.pdfIn PDF document text
    • http://ladagoterie.fr/images/robux-hack-no-adds.pdfIn PDF document text
    • https://www.hotschool.com.au/images/roblox-hack-piratebay-what-it-does.pdfIn PDF document text
    • http://homequeen.de/images/free-online-games-similar-to-roblox.pdfIn PDF document text
    • https://www.ergolight.at/images/how-to-hack-robux-on-roblox-with-google-chrome.pdfIn PDF document text
    • https://www.wijhalenhetop.nl/images/free-robux-yt.pdfIn PDF document text
    • https://www.hotschool.com.au/images/games-like-roblox-but-free-and-no-download.pdfIn PDF document text
    • https://digitalsenseafrica.com.ng/images/roblox-online-roblox-hack.pdfIn PDF document text
    • http://bit-sky.com/images/como-hackear-robux-con-cheat-engine.pdfIn PDF document text
    • http://jdlrelocation.com/images/free-tix-roblox-2021.pdfIn PDF document text
    • https://gaj.rs/images/how-to-get-free-robux-2021-ios.pdfIn PDF document text
    • http://www.controverseinterapie.it/images/how-to-get-free-robux-from-groups.pdfIn PDF document text
    • http://dos.most.gov.la/images/roblox-retail-tycoon-money-cheat.pdfIn PDF document text
    • http://sb2m.com.br/images/free-roblox-in-game-hacks-download.pdfIn PDF document text
    • http://www.sapaengineering.kz/images/how-to-hack-roblox-account-on-phone.pdfIn PDF document text
    • https://consorziocsa-asicaivano.it/images/roblox-robux-hack-2021.pdfIn PDF document text
    • http://www.sitiamministrabili.it/images/free-roblox-gift-card-hack.pdfIn PDF document text
    • https://www.hofe-gmbh.de/images/free4mobile24-free-robux.pdfIn PDF document text
    • http://hydroconseil.net/images/free-roblox-items-2021.pdfIn PDF document text
    • http://learningarabic.co.uk/images/starting-pilot-tutorial-roblox-cheats.pdfIn PDF document text
    • http://www.popikalogirou-realestate.gr/images/tuxedo-roblox-free.pdfIn PDF document text
    • http://www.boic.nl/images/free-minecraft-in-roblox-and-more-naval-ships-minecraft.pdfIn PDF document text
    • http://pacatuamigo.com/images/how-to-hack-roblox-for-billions-robux.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/assassin-dodge-hack-roblox.pdfIn PDF document text
    • http://www.malonmalon.com.ar/images/roblox-need-for-speed-cash-hack.pdfIn PDF document text
    • http://schrichte.de/images/free-robux-cards-that-have-not-been-used.pdfIn PDF document text
    • http://goldwing-shop.ru/images/how-to-hack-in-every-game-in-roblox.pdfIn PDF document text
    • http://www.copoint.co.uk/images/roblox-banning-simulator-hack-download.pdfIn PDF document text
    • https://studentcareerinfo.com/images/how-to-get-free-faces-on-roblox-2021.pdfIn PDF document text
    +16 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008240.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8240 26256 bytes
SHA-256: da5c8756759df013b282cc6e557572fc1870646dc462919116ddf615143d1227
font_01_sfnt_off0000bdd6.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBDD6 3312 bytes
SHA-256: 40bd8eebcb3a0d68a8646f1930e84f30a44bfa48525263c6c528f0bc1e9c1677
font_02_sfnt_off0000c925.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC925 17732 bytes
SHA-256: a69713f9d3cb7c519b41b807edc260776b556d583c9a7d6645633b72915fee7e