Malicious PDF — malware analysis report

Static analysis result for SHA-256 d807431abc173ee8…

MALICIOUS

PDF

58.8 KB Created: 2021-04-05 19:25:38 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-04
MD5: 744926b4d5076bdce6d09abf4cfc2b24 SHA-1: dbad0a9e9b3dfa7b7c0914fbb1ab047dd643a71f SHA-256: d807431abc173ee86f7d9f59f1c33c8e2477247c419834d445d866206d414880
82 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious File

This PDF document was flagged as malicious by an ML classifier. It uses a fake browser/software-install lure. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6397

Heuristics 4

  • Browser extension / update installation lure high SE_BROWSER_INSTALL_LURE
    Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/free-robux-roblox-rom PDF link annotation
    • https://www.najeebqasmi.com/images/hacken-on-roblox.pdfIn PDF document text
    • https://www.porthos.it/images/roblox-booga-booga-mojo-update-hack.pdfIn PDF document text
    • http://jasperfirstumc.com/images/free-robux-code-2021-roblox.pdfIn PDF document text
    • http://kids-academy.pl/images/any-free-roblox-exploits-2021-reddit.pdfIn PDF document text
    • http://www.lycee-langevin-wallon.com/images/hack-roblox-generator-no-survey-2021.pdfIn PDF document text
    • http://jointworkstudio.com/images/how-to-get-free-skins-on-counter-blox-roblox-offensive.pdfIn PDF document text
    • http://cekmekoygundem.com/images/free-robux-obby-made-by-stickmasterluke.pdfIn PDF document text
    • http://badboybiteaway.de/images/cheat-roblox-kick-players.pdfIn PDF document text
    • http://cadcam.no/images/roblox-hack-movil.pdfIn PDF document text
    • http://kishplus.ir/images/how-to-hack-rpg-world-roblox.pdfIn PDF document text
    • http://onlinemusicsolutions.com.au/images/roblox-how-to-get-free-gear-2021.pdfIn PDF document text
    • http://www.fanciullovito.it/images/free-premote-group-on-roblox.pdfIn PDF document text
    • https://tokunfome.com.br/images/roblox-free-robux-clothes.pdfIn PDF document text
    • http://tegeler-segler.de/images/roblox-hack-account-app.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/apocalypse-rising-hacks-roblox-crash.pdfIn PDF document text
    • http://svp-steinmaur.ch/images/awesome-roblox-hacks.pdfIn PDF document text
    • http://aviaprofsoyuz.info/images/how-to-hack-on-roblox-assain.pdfIn PDF document text
    • https://ballaratcaravans.com.au/images/hack-para-roblox-youtube.pdfIn PDF document text
    • http://hindicenter.com/images/how-to-hack-roblox-robux-no-download.pdfIn PDF document text
    • http://gestibrok.com/images/comment-avoir-le-free-skin-de-strucid-roblox.pdfIn PDF document text
    • https://gomsa.nl/images/free-roblox-graphics.pdfIn PDF document text
    • https://www.appartamenticroazia24.com/images/free-accounts-for-roblox-2021.pdfIn PDF document text
    • http://beagles-of-harmony.de/images/roblox-hack-without-downloading-games.pdfIn PDF document text
    • http://www.hawler.in/images/how-to-hack-in-roblox-ninja-legends.pdfIn PDF document text
    • https://technospektr.com.ua/images/how-to-sell-a-free-shirt-roblox.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/roblox-robux-hack-no-servey-or-human-vervcation.pdfIn PDF document text
    • https://www.fhccu.com/images/roblox-jump-hack-check-cashed.pdfIn PDF document text
    • http://famoirs.co.uk/images/free-robux-no-human-verification-android-2021.pdfIn PDF document text
    • http://www.eurosan1.ba/images/roblox-pokemon-brick-bronze-hack.pdfIn PDF document text
    • http://www.sanjosedeminas.gob.ec/images/free-robux-generator-no-nothing.pdfIn PDF document text
    • https://verdensbarn.no/images/how-do-you-hack-roblox-to-have-sex.pdfIn PDF document text
    • http://seniorenverband-brh-nds.de/images/how-to-get-free-robux-without-personal-info.pdfIn PDF document text
    • https://www.milewood.co.uk/images/roblox-app-free-download.pdfIn PDF document text
    • http://76remont-kvartir.ru/images/free-noclip-hack-roblox.pdfIn PDF document text
    • https://estalagemmonteverde.com.br/images/roblox-cash-hack-script-pastebin-2021.pdfIn PDF document text
    • https://kimolos-link.gr/images/best-free-catalog-items-in-roblox.pdfIn PDF document text
    • http://www.fluidtech.hu/images/how-to-make-a-roblox-hack-injector.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/how-to-get-on-bloxburg-for-free-on-roblox-tablet.pdfIn PDF document text
    • http://www.les2alpes-location.com/images/how-to-get-robux-for-free-sites.pdfIn PDF document text
    • http://centuriatus.com/images/hacks-of-roblox-2021-espanol.pdfIn PDF document text
    • https://pemadamapi.net/images/claim-free-robux-pastebin.pdfIn PDF document text
    • https://centraltravel.com/images/btools-script-roblox-hack.pdfIn PDF document text
    • https://www.tartineartisanal.com/images/tiny-tanks-cheats-roblox.pdfIn PDF document text
    • http://stomatolog-choszczno.pl/images/roblox-royale-high-cheats-2021.pdfIn PDF document text
    • https://www.air-shop.cz/images/hack-prison-life-roblox-noviembre2021.pdfIn PDF document text
    • http://www.rezbb.sk/images/free-robux-2021-website.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/strucid-roblox-hacks-aimbot.pdfIn PDF document text
    • http://abqwinair.com/images/cheat-codes-for-roblox-assassin.pdfIn PDF document text
    • http://agrao.in/images/hellowen-roblox-shirt-free.pdfIn PDF document text
    +13 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off0000805e.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x805E 26404 bytes
SHA-256: 3d02cdc0b2abfda6d4163a097d01923036365537f89714f65aaa951893134a13
font_01_sfnt_off0000baca.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBACA 2832 bytes
SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2
font_02_sfnt_off0000c47a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC47A 17580 bytes
SHA-256: 3af8379f4afd87f915b945efd818ef250ffe8f432ca6405840a1e5bd122639cc