PDF static analysis report

Static analysis result for SHA-256 ec10b817978b0bd8…

SUSPICIOUS

PDF

59.9 KB Created: 2021-04-05 23:12:12 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-27
MD5: fbfcf7963c6c4c8aa97de85e06cf5211 SHA-1: cec6822a2b9d40ea969d936d1b759b25490b7216 SHA-256: ec10b817978b0bd8c743d3e3894d7baf290b714e1f81201e6fd4154e06d8e94b
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document body and extracted URLs indicate a lure related to obtaining free items or cheats for the game Roblox. The presence of numerous suspicious URLs, combined with the ML classifier flagging the PDF as malicious, strongly suggests a phishing or scam attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URIs are consistent with techniques used to redirect users to malicious websites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/how-to-get-free-glasses-on-roblox PDF link annotation
    • http://apostolosandreaslemesou.com/images/how-to-enable-speed-hack-on-cheat-engine-roblox.pdfIn PDF document text
    • http://imp.lg.ua/images/nograv-on-roblox-using-cheat-engine.pdfIn PDF document text
    • http://junktiquecollector.com/images/roblox-cheat-engine-jump-hack.pdfIn PDF document text
    • http://shiny-nn.ru/images/map-free-robux-card-code-2021.pdfIn PDF document text
    • http://indotec.fr/images/roblox-free-adidas-teu.pdfIn PDF document text
    • http://egorplitka.ru/images/free-roblox-cookies-discord.pdfIn PDF document text
    • https://digitalsenseafrica.com.ng/images/roblox-jailbreak-hack-bypassed.pdfIn PDF document text
    • http://ghegamethu.vn/images/comment-ont-fais-pour-avoir-un-cheat-sur-robloxcheat-roblox.pdfIn PDF document text
    • https://www.cosmosdawn.net/images/roblox-tickets-hack.pdfIn PDF document text
    • http://www.mikramarine.gr/images/free-roblox-passwords-2021.pdfIn PDF document text
    • https://www.romedia.gr/images/chat-hack-roblox-download.pdfIn PDF document text
    • http://egorplitka.ru/images/how-to-get-free-gamepasses-on-roblox-2021.pdfIn PDF document text
    • http://www.fanciullovito.it/images/roblox-song-i-want-to-break-free.pdfIn PDF document text
    • http://lllaw.eu/images/free-robux-scam-game-uncopylocked.pdfIn PDF document text
    • https://www.romedia.gr/images/roblox-weight-lifting-sim-hack.pdfIn PDF document text
    • http://pandaplast.com/images/free-roblox-headphone.pdfIn PDF document text
    • http://southernhills-golf.com/images/roblox-robux-hack-no-survey-or-download-u-said-tags.pdfIn PDF document text
    • http://bau-lk.de/images/laxify-roblox-hack.pdfIn PDF document text
    • https://consorziocsa-asicaivano.it/images/how-to-get-free-robux-from-bloxmarket.pdfIn PDF document text
    • http://interpretation-dessins-enfants.net/images/how-to-get-free-robux-in-5-seconds.pdfIn PDF document text
    • http://www.thecoffeebaron.co.za/images/free-robux-omg.pdfIn PDF document text
    • https://www.impactfoods.co.uk/images/free-robux-2021-no-survey-or-download.pdfIn PDF document text
    • http://www.sapaengineering.kz/images/free-online-roblox-tycoons.pdfIn PDF document text
    • http://florentineholding.com/images/roblox-mad-city-cheat-download.pdfIn PDF document text
    • http://www.evaplast.by/images/scpninetailedfox-mod-cheats-roblox.pdfIn PDF document text
    • http://www.visiblefilm.com/images/roblox-protosmasher-free-download.pdfIn PDF document text
    • http://www.cosver.nl/images/my-roblox-account-has-been-hacked.pdfIn PDF document text
    • https://www.albisser.ch/images/roblox-free-robux-add-to-chrome.pdfIn PDF document text
    • https://www.manisoft.ir/images/how-to-use-roblox-jailbreak-auto-rob-hack.pdfIn PDF document text
    • http://naturschutzgossau-zh.ch/images/roblox-free-boombox-script-site-v3rmillionnet.pdfIn PDF document text
    • https://kldcardio.ru/images/free-robux-generator-quiz.pdfIn PDF document text
    • https://pemadamapi.net/images/qtx-roblox-download-free.pdfIn PDF document text
    • http://evp-sanorlenok.ru/images/can-i-hack-roblox.pdfIn PDF document text
    • http://cdescolapios.org/images/roblox-lumber-tycoon-hack-2021.pdfIn PDF document text
    • http://solidkom.ch/images/como-ser-hacker-en-roblox-con-el-movil.pdfIn PDF document text
    • http://gc-sistemas.com.ar/images/how-to-get-free-hacks-on-robloxs.pdfIn PDF document text
    • http://serviio.org/images/free-robux-no-generator.pdfIn PDF document text
    • https://cdu-lengerich.de/images/get-free-robux-from-roblox.pdfIn PDF document text
    • http://beer-holzhaus.ch/images/synapse-roblox-hack-ddl.pdfIn PDF document text
    • http://fmbompastor.com.br/images/roblox-hacks-xray-2021.pdfIn PDF document text
    • http://imp.lg.ua/images/roblox-hack-mobilenerator-net.pdfIn PDF document text
    • https://reggieslockandkey.com/images/free-free-robux-robux-robux.pdfIn PDF document text
    • http://www.evaplast.by/images/free-robux-generator-no-survey-no-download-no-password.pdfIn PDF document text
    • http://learningarabic.co.uk/images/how-to-get-roblox-admin-for-free.pdfIn PDF document text
    • https://www.fhccu.com/images/free-robux-com-generator.pdfIn PDF document text
    • http://www.maranata4x4.co.za/images/how-to-recover-hacked-roblox-account-without-email.pdfIn PDF document text
    • https://sdg-trade.com/images/roblox-jailbreak-hack-jjsploit.pdfIn PDF document text
    • http://learningarabic.co.uk/images/roblox-gift-codes-free.pdfIn PDF document text
    • http://www.pleiadisrl.it/images/how-to-get-free-rocket-fuel-roblox-jailbreak.pdfIn PDF document text
    +16 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008230.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8230 25776 bytes
SHA-256: 70c3325e9bdbe6e605b11cc37dbda056a3311dc88a0b1a36eef15d9ff839bb44
font_01_sfnt_off0000bd2f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBD2F 2896 bytes
SHA-256: 90d77d065f93150ee652ed3ce79924b5ebfcae47abf79a24366adbef9fa21c4a
font_02_sfnt_off0000c72e.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC72E 18028 bytes
SHA-256: 1e35068bdafde4db4122bdd5baed00c86fd321718d10683b20877d61e0990b67