PDF static analysis report

Static analysis result for SHA-256 f0dafba2828359b2…

SUSPICIOUS

PDF

Size: 57.1 KB
Created: 2021-04-05 22:03:09 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-23
MD5: fcb0ed346b0481c630034bafeabb418a
SHA-1: 230975f2c5c727ac15beb72f4570839a7a991ad2
SHA-256: f0dafba2828359b225da2618c87b5479319f5ad89bbdbe7f0a15229c6b0a2cae
Risk Score: 42

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://gaminggenerator.org/app/431946152/how-to-put-hacks-in-roblox (PDF link annotation)

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_003_off00008262.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8262 | 25448 bytes
  SHA-256: afd0eb8c2a91df9ff91f6e9f56a688c730c89d0bdba0c4c99c0d04360dcfafbb
font_01_sfnt_off0000bbf7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBBF7 | 18188 bytes
  SHA-256: a5d3fb0811c9f75ce9a7376c7452606b9d6761dd655a279a1bf3462a0693e32f