Malicious PDF — malware analysis report

Static analysis result for SHA-256 cfdbbf84d49938ab…

MALICIOUS

PDF

56.6 KB Created: 2021-04-06 02:35:14 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-23
MD5: 09a18221745f2a51d77b09cbcda84164 SHA-1: 3424e864be6c036c36de04f961306a90db44e424 SHA-256: cfdbbf84d49938abf275c918fce5dac0960bfc620b5910b6712aa62ffaf0cec4
82 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous embedded URLs and invisible links that redirect to websites promising free Roblox hacks and Robux. The 'PDF_CAPTCHA_LINK_LURE' heuristic indicates these links are designed to trick users into believing they need to complete a CAPTCHA or verification, a common social engineering tactic. While no scripts were explicitly extracted, the presence of multiple malicious URLs and the nature of the lures strongly suggest a phishing or scam campaign aimed at users seeking in-game advantages.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 4

  • Invisible PDF links to CAPTCHA-themed web lure high PDF_CAPTCHA_LINK_LURE
    PDF contains invisible clickable link annotations that point to a CAPTCHA/capcha-themed web path. This is a common phishing and ClickFix-style routing pattern: the PDF itself is inert, while the linked page performs the credential prompt or fake verification.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/new-free-roblox-hack PDF link annotation
    • http://www.centromedicoaurora.it/images/how-to-get-a-free-invisible-head-in-roblox.pdfIn PDF document text
    • http://musical-arts.de/images/free-toys-in-roblox-codes.pdfIn PDF document text
    • http://kulturhusbabberich.nl/images/ahje-fhz-roblox-hack.pdfIn PDF document text
    • http://www.marambio.com.ar/images/robux-cheat-codes-2021.pdfIn PDF document text
    • http://geemarco.com/images/free-robux-no-captcha-or-human-verification.pdfIn PDF document text
    • http://lakeshistory.com/images/fly-cheat-in-roblox-engine-2021.pdfIn PDF document text
    • http://sbm-nn.ru/images/kupcake-hack-roblox-jailbreak.pdfIn PDF document text
    • https://www.eglihotel.gr/images/officialrobuxhack-updated.pdfIn PDF document text
    • http://butkimloai.com/images/dominus-rex-roblox-free.pdfIn PDF document text
    • http://fiur-malermeister.de/images/hack-roblox-atravesar-paredes-2021.pdfIn PDF document text
    • http://www.maakherumusic.net/images/how-to-remove-default-clothing-for-free-roblox.pdfIn PDF document text
    • https://meltonschool.org/images/free-roblox-shirt-template-download.pdfIn PDF document text
    • https://ballaratcaravans.com.au/images/free-tshirt-roblox-my-hero-academia.pdfIn PDF document text
    • https://www.iadh.bi/images/ro-cash-earn-free-robux.pdfIn PDF document text
    • https://beejekorf.nl/images/roblox-ps4-free.pdfIn PDF document text
    • https://www.hotschool.com.au/images/free-roblox-svg.pdfIn PDF document text
    • http://escolaarboc.cat/images/the-easier-way-to-get-free-robux.pdfIn PDF document text
    • http://abst-brandschutztechnik.com/images/free-robux-easy-2021.pdfIn PDF document text
    • https://www.audev.com/images/https-www-roblox-com-robux-free.pdfIn PDF document text
    • http://modenese.net/images/cual-es-el-hack-para-tener-robux-gratis-en-robolox.pdfIn PDF document text
    • https://springhorn-reisen.de/images/roblox-case-clicker-cheats.pdfIn PDF document text
    • https://www.ergolight.at/images/roblox-lumber-tycoon-2-hack-script.pdfIn PDF document text
    • http://www.barsa.it/images/not-a-scam-free-robux.pdfIn PDF document text
    • https://sitam.co.in/images/how-do-you-get-robux-for-free-hack-2021.pdfIn PDF document text
    • https://ogm-goettingen.de/images/robux-hack-online.pdfIn PDF document text
    • https://www.eglihotel.gr/images/free-boombox-roblox-item.pdfIn PDF document text
    • http://mittlenberg.ch/images/roblox-critical-strike-cheats.pdfIn PDF document text
    • http://techmobil.pl/images/script-for-free-robux.pdfIn PDF document text
    • https://www.cosmosdawn.net/images/free-robux-no-captcha.pdfIn PDF document text
    • http://glll.de/images/how-to-inject-a-hack-into-roblox.pdfIn PDF document text
    • http://chartsmart.com.au/images/how-to-get-a-free-skin-in-roblox.pdfIn PDF document text
    • http://bullyinformate.org/images/roblox-games-free-online-for-kids.pdfIn PDF document text
    • https://zsdunajskaluzna.sk/images/roblox-free-shoulder-pets.pdfIn PDF document text
    • http://julo-it.net/images/download-free-robux-app.pdfIn PDF document text
    • http://www.lascalamilanowallcovering.it/images/free-robux-codes-28.pdfIn PDF document text
    • https://www.hofe-gmbh.de/images/roblox-robux-hack-november-2021.pdfIn PDF document text
    • https://kimolos-link.gr/images/how-to-hack-into-a-roblox-account-2021.pdfIn PDF document text
    • https://www.eglihotel.gr/images/citizen-hacking-roblox.pdfIn PDF document text
    • http://beagles-of-harmony.de/images/cheat-codes-for-roblox-2-player-gun-factory-tycoon.pdfIn PDF document text
    • http://scuttworksdesigns.us/images/roblox-svg-free.pdfIn PDF document text
    • http://bkd1.balikpapan.go.id/images/free-roblox-vertual-items.pdfIn PDF document text
    • http://ferienwohnung-walker.de/images/free-builders-club-on-roblox-2021.pdfIn PDF document text
    • https://hassel-event.de/images/free-robux-ohne-handynummer-2021.pdfIn PDF document text
    • http://wcasrock.org/images/hacked-roblox-logo.pdfIn PDF document text
    • https://www.beaufortcollege.ie/images/hack-tool-roblox-2021.pdfIn PDF document text
    • http://columbuscigar.com/images/hi2-to-earn-free-robux-today.pdfIn PDF document text
    • https://gryps.de/images/cheats-and-codes-for-snow-shoveling-simulator-roblox-pc.pdfIn PDF document text
    • http://condit-pack.com/images/top-free-things-in-roblox.pdfIn PDF document text
    • http://cristalysoptic.com/images/roblox-project-pokemon-dll-hack.pdfIn PDF document text
    +13 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00007fc1.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x7FC1 26604 bytes
SHA-256: 9669196cf75763af4999ddb881840b3405bd90bfa95568b5c3c6970fdda0f2bd
font_01_sfnt_off0000bacb.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBACB 17884 bytes
SHA-256: a2bc1537bd1a7565a39708484d4dc32c3461d665d0966d0bf033ca3803e7d316

Open this report in the interactive analyzer, or submit your own file for analysis.