PDF static analysis report

Static analysis result for SHA-256 e2f8d2bda2e656f3…

SUSPICIOUS

PDF

Size: 57.1 KB
Created: 2021-04-05 22:51:07 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-17
MD5: 3546fa59c17edcb841e1cee51979e1ed
SHA-1: 1a44e40813dac6bfc47d41f47700205a0801ef68
SHA-256: e2f8d2bda2e656f3084735253bb81525353137dedb824782706960fb2314dedb
Risk Score: 42

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The PDF document contains numerous URLs pointing to sites offering game hacks, and the document body itself includes a URL related to 'hack 2021 Roblox Jailbreak'. The ML classifier also flagged this PDF as malicious. This suggests the document is a lure to download potentially malicious content, likely related to game exploits.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure [low] [SE_DOWNLOAD_BUTTON]
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/hack-2021-roblox-jailbreak (PDF link annotation)

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00007ee0.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x7EE0
    Size: 26992 bytes
    SHA-256: dcd387a0c218f211f757d0aaf6055ab4d1097d47293fda697f0efc7a85011e2c
  • font_01_sfnt_off0000bb9b.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xBB9B
    Size: 18240 bytes
    SHA-256: 63287ae72b0b121a7720608b42efcab8bc2b90b9256df32cea96829018696a28