PDF static analysis report

Static analysis result for SHA-256 dc9343c370fd8771…

SUSPICIOUS

PDF

60.8 KB Created: 2021-04-05 23:59:08 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: ad8109935bdc9e3fe47e7685fe1c9b34 SHA-1: 3db4f7f5e3a6cc901637e3b215ade8053759ed7f SHA-256: dc9343c370fd8771704883a4efcc3f70bf199296db7a28c7915b52275cf666fa
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF document contains a prominent link to 'gaminggenerator.org' which is presented as a guide for using Cheat Engine on Roblox. The presence of the 'ML_NYX_PDF_MALICIOUS' heuristic firing and the embedded URL strongly suggest a malicious intent to trick users into visiting a potentially harmful site. The document body, though heavily obfuscated, contains text related to Roblox and cheat engines, reinforcing the lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/how-to-use-cheat-engine-6.2-on-roblox-for-robux PDF link annotation
    • https://jdlgroup.ca/images/roblox-how-to-hack-peoples-badges.pdfIn PDF document text
    • http://kancelaria-legnica.eu/images/how-to-hack-the-underground-in-roblox.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/how-to-sell-items-for-free-on-roblox.pdfIn PDF document text
    • http://agritrade-ukraine.com/images/cool-free-roblox-charecters-uu.pdfIn PDF document text
    • http://solidkom.ch/images/cheat-for-dinosour-simulator-on-roblox.pdfIn PDF document text
    • http://greenoase.be/images/free-robux-videos-for-robux.pdfIn PDF document text
    • http://depelem.fr/images/roblox-destroy-hack.pdfIn PDF document text
    • http://kfz-service-etp.de/images/how-to-hack-the-roblox-birthday-system.pdfIn PDF document text
    • http://amtabor2.at/images/como-evitar-que-un-hacker-te-hackee-en-roblox.pdfIn PDF document text
    • http://homequeen.de/images/roblox-games-that-you-can-play-for-free.pdfIn PDF document text
    • https://letturatarghe.it/images/roblox-how-to-get-gamepasses-for-free.pdfIn PDF document text
    • https://lita-lb.org/images/youtube-how-to-get-free-robux-hack.pdfIn PDF document text
    • http://schrichte.de/images/domino-crown-roblox-free.pdfIn PDF document text
    • https://kunstmalen.ch/images/free-roblox-dday-models.pdfIn PDF document text
    • https://consorziocsa-asicaivano.it/images/project-pokemon-hacked-roblox.pdfIn PDF document text
    • http://www.remiauclair.fr/images/hack-vehicle-tycoon-roblox-codes.pdfIn PDF document text
    • https://www.hotel-forsthaus.com/images/lazyblocks-com-free-robux-generator.pdfIn PDF document text
    • http://mycounty.com.ua/images/ninja-legends-roblox-op-hack-script.pdfIn PDF document text
    • http://loriginedupain.org/images/how-to-hack-a-roblox-server-2021.pdfIn PDF document text
    • https://rietenwinkel.nl/images/free-robux-without-survey-2021.pdfIn PDF document text
    • https://pemadamapi.net/images/free-robux-generator-com.pdfIn PDF document text
    • http://schottlandfieber.de/images/roblox-mad-city-cheats.pdfIn PDF document text
    • https://pa-waingapu.go.id/images/best-free-items-on-roblox.pdfIn PDF document text
    • http://www.lovecraftiana.com.ar/images/hack-roblox-lumber-tycoon-2-fly.pdfIn PDF document text
    • http://sscclc.edu.ec/images/how-to-hack-someone-in-roblox-2021.pdfIn PDF document text
    • https://inscastellar.cat/images/cheat-roblox-jailbreak-money-give.pdfIn PDF document text
    • http://lillysonthelake.com/images/quel-touche-faire-pour-avoir-le-free-code-dans-roblox.pdfIn PDF document text
    • http://kontaktadig.se/images/free-robux-no-human-verification-no-survey-pc.pdfIn PDF document text
    • http://agrupamentoescolas-alfredo-da-silva.com/images/how-to-get-free-glasses-on-roblox.pdfIn PDF document text
    • http://www.e-lysis.com/images/how-to-delete-a-hack-in-roblox.pdfIn PDF document text
    • https://www.inova-cuisine.fr/images/roblox-free-online-jail-break.pdfIn PDF document text
    • https://vtvvaals.nl/images/free-roblox-premium-generator.pdfIn PDF document text
    • http://pia2000.net/images/acually-working-robux-hack.pdfIn PDF document text
    • http://www.torvet11.dk/images/free-robux-games-2021.pdfIn PDF document text
    • http://paro.net.ua/images/paint-hack-roblox.pdfIn PDF document text
    • https://shimony.net/images/cocaine-roblox-hack.pdfIn PDF document text
    • https://technospektr.com.ua/images/roblox-robux-hack-generato.pdfIn PDF document text
    • http://mittlenberg.ch/images/hack-to-get-20210-robux-2021.pdfIn PDF document text
    • http://www.actae.gr/images/pastebin-how-to-get-free-robux.pdfIn PDF document text
    • https://camillesplace.org/images/redeem-promo-codes-for-free-robux.pdfIn PDF document text
    • https://fkg.usu.ac.id/images/cute-free-outfits-roblox-girl.pdfIn PDF document text
    • http://hydroconseil.net/images/como-parecer-hacker-en-roblox.pdfIn PDF document text
    • http://zarinnameh.ir/images/free-rewards-robux-webs.pdfIn PDF document text
    • http://ff-obertraun.at/images/hack-a-roblox-game.pdfIn PDF document text
    • http://www.maakherumusic.net/images/changelog--free-codes-https-devforumrobloxcom-t-infinityrpgc.pdfIn PDF document text
    • https://www.air-shop.cz/images/youtube-free-roblox-account.pdfIn PDF document text
    • http://elize-photography.co.za/images/cheat-roblox-madcity-money.pdfIn PDF document text
    • https://www.academiaanticorrupcion.org/images/rocashcom-earn-free-robux-by-watching-videos-and-completing-surveys.pdfIn PDF document text
    • http://ecoleduchat-grenoble.fr/images/codes-to-get-free-money-on-roblox-rocitizens.pdfIn PDF document text
    +19 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008725.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8725 28144 bytes
SHA-256: 263fe85056826b440297cd3a5bee67a20d6aeb5ddee39373bf7aa0a573e4407e
font_01_sfnt_off0000c794.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC794 19288 bytes
SHA-256: accabfd898d5b5b80d45ed2d558116020f3726a75e6029f16191bcabfc6ccfb9