PDF static analysis report

Static analysis result for SHA-256 e76676d721a102ee…

SUSPICIOUS

PDF

58.2 KB Created: 2021-04-05 18:21:51 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-15
MD5: 4e8fbfcca196bf9122fc1cabbec5bad1 SHA-1: cc268502c7630f5744f655b23fe61cdb5f285b5c SHA-256: e76676d721a102ee5403b0c479460c74a8ad8833182d8cf320344ddb5b245149
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains a lure related to Roblox game exploits and includes an external URI pointing to a suspicious domain. While no scripts were directly extracted, the presence of an embedded URI and the ML classifier's flagging suggest a malicious intent to redirect the user to a potentially harmful website. The document body, though heavily obfuscated, contains references to the external URI.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/can-someone-hack-you-if-you-report-on-roblox PDF link annotation
    • http://www.vktzunami.cz/images/what-games-on-roblox-give-you-free-things.pdfIn PDF document text
    • https://www.elevage-chiot.fr/images/legit-films-free-robux.pdfIn PDF document text
    • https://www.psychotherapie-naturheilpraxis.de/images/roblox-swordburst-2-cheat.pdfIn PDF document text
    • http://gods-own.org/images/how-can-i-get-a-roblox-hack-gui-to-work.pdfIn PDF document text
    • https://amatq.ca/images/new-cheat-in-roblox-2021.pdfIn PDF document text
    • http://southernhills-golf.com/images/hack-midoriya-full-cowl-roblox.pdfIn PDF document text
    • http://lakeshistory.com/images/roblox-best-free-exploit-march-2021.pdfIn PDF document text
    • http://hemmet-strand.dk/images/free-gift-in-big-paintball-roblox.pdfIn PDF document text
    • http://ims-77.fr/images/roblox-hacks-download-ofr-pc.pdfIn PDF document text
    • http://www.eurosan1.ba/images/get-free-roblox-robux-generator.pdfIn PDF document text
    • http://safetin.ru/images/egg-finder-hacks-for-roblox-dragon-adventures.pdfIn PDF document text
    • http://svp-steinmaur.ch/images/are-roblox-hacks-real.pdfIn PDF document text
    • http://darruzzo.com/images/how-to-earn-free-robux-without-downloading-apps.pdfIn PDF document text
    • http://www.ntc.edu.za/images/cheat-engine-work-on-roblox.pdfIn PDF document text
    • http://only1you.ru/images/como-hackear-cuentas-de-roblox-2021.pdfIn PDF document text
    • http://jackson-pr.com/images/can-your-roblox-account-get-hacked.pdfIn PDF document text
    • http://www.anies.eu/images/how-to-hack-someones-roblox-account-with-link.pdfIn PDF document text
    • http://kids-academy.pl/images/comandos-para-free-admin-roblox.pdfIn PDF document text
    • http://ims-77.fr/images/roblox-mobile-cheats.pdfIn PDF document text
    • https://amatq.ca/images/script-how-to-get-free-robux.pdfIn PDF document text
    • http://www.kalaaliaraq.dk/images/how-to-spped-hack-on-roblox-jailbreak.pdfIn PDF document text
    • http://www.tamogatoweb.hu/images/hack-how-to-get-free-robux.pdfIn PDF document text
    • http://www.marambio.com.ar/images/roblox-hack-admin-script-2021.pdfIn PDF document text
    • http://awakeningtruth.org/images/roblox-flight-hack-download.pdfIn PDF document text
    • http://www.fanciullovito.it/images/best-free-exploits-for-roblox.pdfIn PDF document text
    • http://www.boic.nl/images/roblox-frappe-hacks.pdfIn PDF document text
    • http://batutynas.lt/images/free-bot-followers-roblox.pdfIn PDF document text
    • http://www.cosver.nl/images/robux-hack-validation-code.pdfIn PDF document text
    • http://pa-tanjungselor.go.id/images/free-roblox-accounts-2021-october.pdfIn PDF document text
    • http://engelum.com/images/roblox-hack-free-robux-and-tix-no-survey.pdfIn PDF document text
    • https://letturatarghe.it/images/artmoney-roblox-money-hack.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/admin-commands-roblox-free-robux.pdfIn PDF document text
    • http://www.mosaikshop.at/images/robloxpromocode-free-robux.pdfIn PDF document text
    • http://jwcrownlimo.net/images/free-roblox-cardseasy.pdfIn PDF document text
    • http://eventgo.fr/images/roblox-free-modles.pdfIn PDF document text
    • https://corbo.ru/images/free-10-dollar-roblox-gift-card.pdfIn PDF document text
    • https://septik-montag.ru/images/landonrb-free-robux.pdfIn PDF document text
    • http://keepcasscountybeautiful.com/images/how-to-get-free-roblox-tix-hack.pdfIn PDF document text
    • https://accord.kiev.ua/images/jailbreak-hack-roblox-script.pdfIn PDF document text
    • http://petarda.hu/images/free-hack-in-roblox-jailbreak.pdfIn PDF document text
    • https://pneukalousek.cz/images/how-do-i-hack-roblox-accounts.pdfIn PDF document text
    • http://pandaplast.com/images/easy-hacks-to-get-free-robux.pdfIn PDF document text
    • http://www.web.stc-part.co.th/images/roblox-cheat-speed-simulator-2.pdfIn PDF document text
    • http://cmfd.nl/images/roblox-only-for-free.pdfIn PDF document text
    • http://icomsolutions.com.au/images/free-roblox-arsenal-hack-executor.pdfIn PDF document text
    • http://bilhetim.com.br/images/free-suit-in-roblox.pdfIn PDF document text
    • https://esl.ipb.ac.id/images/how-to-get-50-robux-for-free-2021.pdfIn PDF document text
    • http://www.gadanie.lv/images/como-usar-hacks-en-roblox-jailbreak.pdfIn PDF document text
    • http://ff-klaffenbach.de/images/free-galaxy-arcade-roblox.pdfIn PDF document text
    +8 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off000081ac.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x81AC 27508 bytes
SHA-256: 6d69da381bd5bcde9c3c4357f24a3c4aee9ad1d18574b29107b2fb2277d78b01
font_01_sfnt_off0000bec8.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBEC8 18716 bytes
SHA-256: 728b06482dff3ce8b7301dead99582b475db9594122f6028f1b33db0fd88d5ca