PDF static analysis report

Static analysis result for SHA-256 cda9a905032faa6d…

SUSPICIOUS

PDF

58.7 KB Created: 2021-04-05 21:23:40 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-25
MD5: 199594bee289154804364c4ce8c25d96 SHA-1: 5628f23906e6e39a61c6c808030b531b9bc78cfb SHA-256: cda9a905032faa6d328f3873ae17fd4bca79a73b13a4d6e437d0c9f52c5a4545
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6397

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/roblox-free-robux-live PDF link annotation
    • https://technospektr.com.ua/images/roblox-tv-free-robux.pdfIn PDF document text
    • http://medimacs.eu/images/can-you-make-gamepasses-for-free-roblox.pdfIn PDF document text
    • https://www.coriglianocalabro.it/images/roblox-account-hack-password.pdfIn PDF document text
    • http://elearnfactory.com/images/roblox-money-hack-mad-city-2021-safe.pdfIn PDF document text
    • https://verdensbarn.no/images/how-to-hack-sharkbite-roblox.pdfIn PDF document text
    • https://amatq.ca/images/best-hacker-ever-roblox.pdfIn PDF document text
    • http://rumler.pl/images/free-me-robux.pdfIn PDF document text
    • https://tokunfome.com.br/images/earn-free-points-for-robux.pdfIn PDF document text
    • https://domoticaaplicada.com/images/tutorial-hack-roblox-robux.pdfIn PDF document text
    • https://blagvist.com.ua/images/free-super-hros-roblox.pdfIn PDF document text
    • http://eooe.gr/images/how-to-get-items-for-free-on-roblox-instantly.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/where-to-put-code-for-free-roblox.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/hacker-des-compte-roblox.pdfIn PDF document text
    • https://www.tsdb.com.au/images/how-to-get-a-free-dominus-in-roblox-2021.pdfIn PDF document text
    • https://kunstmalen.ch/images/how-to-hack-roblox-base-wars.pdfIn PDF document text
    • http://www.beantownlimo.com/images/hack-skyploit-v2-roblox.pdfIn PDF document text
    • https://www.nema.go.ke/images/roblox-noclip-cheat.pdfIn PDF document text
    • http://seniorenverband-brh-nds.de/images/how-to-get-vip-for-free-vampire-hunters-2-roblox.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/free-robux-super-easy-2021.pdfIn PDF document text
    • http://www.zdravazena.sk/images/chamello-free-robux.pdfIn PDF document text
    • https://www.yewtreealpacas.co.uk/images/ip-grabber-hack-for-roblox.pdfIn PDF document text
    • http://escolaarboc.cat/images/robux-hack-no-fake.pdfIn PDF document text
    • https://www.ghknights.org/images/sistem48-hack-roblox.pdfIn PDF document text
    • https://laconce.com/images/nerf-fps-roblox-cheat-engine.pdfIn PDF document text
    • http://www.actae.gr/images/dbzfs-roblox-hack.pdfIn PDF document text
    • http://reisebild.eu/images/panel-de-hacks-de-roblox.pdfIn PDF document text
    • http://www.drent.se/images/robux-cheats-2021.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/lollipop-simulator-hack-sckitp-roblox.pdfIn PDF document text
    • http://berntfoto.dk/images/hack-simulator-roblox.pdfIn PDF document text
    • https://socialvalue.gr/images/pastebin-2021-robux-hack.pdfIn PDF document text
    • https://scraperite.com/images/free-roblox-object-en-vedette.pdfIn PDF document text
    • https://gaj.rs/images/free-robux-gift-catd-codes-list.pdfIn PDF document text
    • http://bwharrisalumniusa.org/images/caillou-hacks-his-robux.pdfIn PDF document text
    • http://gaeconsultores.cl/images/free-long-good-roblox-names-for-boys.pdfIn PDF document text
    • https://billiekawende.com/images/wie-kann-man-bei-roblox-geld-cheaten.pdfIn PDF document text
    • http://kim-kinder-im-mittelpunkt.de/images/how-to-hack-peoples-in-roblox.pdfIn PDF document text
    • http://citycare.pt/images/como-conseguir-diamantes-en-royale-high-roblox-hack.pdfIn PDF document text
    • http://ralf-gryga.de/images/ejecutador-de-hacks-roblox.pdfIn PDF document text
    • https://wandersuechtig.de/images/free-ninja-run-roblox.pdfIn PDF document text
    • http://kishplus.ir/images/free-robux-2021-october.pdfIn PDF document text
    • http://www.htc.edu.au/images/wearedevs-roblox-exploits-and-hacks--cheats.pdfIn PDF document text
    • https://www.linzgau-kjh.de/images/how-to-hack-roblox-without-cheat-engine-2021.pdfIn PDF document text
    • http://biccairo.com/images/free-roblox-places-in-roblox-studio-download-2021.pdfIn PDF document text
    • https://verdensbarn.no/images/roblox-jailbreak-games-for-free.pdfIn PDF document text
    • http://ferienwohnung-walker.de/images/nuevos-hacks-de-roblox-2021-benimo.pdfIn PDF document text
    • http://www.hotelcimone.it/images/how-to-hack-people-on-roblox-without-downloads.pdfIn PDF document text
    • http://smoothjazzclub.net/images/roblox-hacks-no-sur.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/free-idle-animation-roblox.pdfIn PDF document text
    • http://hotel-buta.by/images/what-to-do-if-your-roblox-account-gets-hacked.pdfIn PDF document text
    +15 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00007f4f.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x7F4F 25060 bytes
SHA-256: 86e4c6c72c4993f98ac568510f95cd0c275a854b036abaa8c623420682889237
font_01_sfnt_off0000b88a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xB88A 3376 bytes
SHA-256: 9a7a888fd41b7b6fd9cac23805b932f5ee72b35eb8bc473855a580d6a710433b
font_02_sfnt_off0000c42a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC42A 17552 bytes
SHA-256: c1fa83837a46e0ff31c1b5e27ff883c217860589410a5dffe949baeb3717d37f