PDF static analysis report

Static analysis result for SHA-256 f1e5be35a80ff330…

SUSPICIOUS

PDF

57.5 KB Created: 2021-04-05 23:49:37 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-23
MD5: 732182b53eb29258deef3b77459b7c2f SHA-1: 5b66cc9c7494d0868b8b9b5dfc31683ddac7ea19 SHA-256: f1e5be35a80ff330c87a33adc0fa883ab80f7dc8ecf10b7ef002591665364361
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/free-10-dollar-roblox-card PDF link annotation
    • http://webstan.be/images/roblox-hack-phantom-forces-cheat-engine.pdfIn PDF document text
    • https://www.elevage-chiot.fr/images/how-to-get-free-robux-no-youtube.pdfIn PDF document text
    • http://lcs-schlieben.de/images/robux-hack-pc-2021.pdfIn PDF document text
    • http://sdservicesrl.it/images/how-to-get-robux-for-free-on-laptop-youtube.pdfIn PDF document text
    • https://icefuture.ru/images/free-roblox-gift-codes-2021.pdfIn PDF document text
    • https://raduzhnyj.od.ua/images/bloxy-world-roblox-free-robux.pdfIn PDF document text
    • https://www.saisystem.it/images/roblox-free-robux-give-away-lve.pdfIn PDF document text
    • https://septik-montag.ru/images/robux-hack-2021-december.pdfIn PDF document text
    • http://ines.co.rs/images/robux-free-wn.pdfIn PDF document text
    • http://www.eurosan1.ba/images/roblox-free-10-robux.pdfIn PDF document text
    • http://getthelook-bkk.com/images/how-to-get-all-items-in-roblox-for-free.pdfIn PDF document text
    • http://www.maakherumusic.net/images/inappropriate-roblox-hacks.pdfIn PDF document text
    • http://unifieo.br/images/roblox-free-printables.pdfIn PDF document text
    • https://pa-waingapu.go.id/images/free-roblox-robux-accounts-2021.pdfIn PDF document text
    • https://www.cosmosdawn.net/images/how-to-get-a-mythic-for-free-in-assasin-roblox.pdfIn PDF document text
    • http://sandra-masemann.de/images/roblox-hack-mobile-download.pdfIn PDF document text
    • http://panaceafamilymedicine.com/images/free-roblox-royale-high-outfits.pdfIn PDF document text
    • https://sitam.co.in/images/how-to-hack-mad-paintball-on-roblox.pdfIn PDF document text
    • http://telecomworld.pl/images/free-codes-royale-high-roblox.pdfIn PDF document text
    • http://www.awakeningtruth.org/images/roblox-shinobi-life-hack-2021.pdfIn PDF document text
    • http://global-tech-security.be/images/roblox-redeem-code-hack.pdfIn PDF document text
    • http://fmbompastor.com.br/images/italwhts-the-best-free-horror-games-on-roblox.pdfIn PDF document text
    • http://pdapanache.com/images/how-to-get-robux-on-roblox-for-free-easy.pdfIn PDF document text
    • http://pia2000.net/images/free-obc-roblox-2021.pdfIn PDF document text
    • http://www.anies.eu/images/i-succ-for-free-robux.pdfIn PDF document text
    • http://www.remiauclair.fr/images/free-summer-grl-roblox-skins.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/free-redeemable-robux-codes.pdfIn PDF document text
    • http://abletrustcare.com/images/free-accessory-bear-face-mask-in-roblox.pdfIn PDF document text
    • https://cintasoeste.com.ar/images/how-to-hack-roblox-without-cheat-engine.pdfIn PDF document text
    • http://www.exikom.com.ua/images/how-to-get-never-ending-robux-no-hack.pdfIn PDF document text
    • http://www.eurosan1.ba/images/how-to-get-robux-fast-2021-no-hacks.pdfIn PDF document text
    • http://adues.org/images/how-to-get-free-robux-ipad-mini.pdfIn PDF document text
    • https://www.seeingindependence.org/images/get-anything-free-catalog-roblox.pdfIn PDF document text
    • http://technologicalsc.com/images/how-do-you-get-robux-for-free-roblox-youtube.pdfIn PDF document text
    • https://technospektr.com.ua/images/how-to-sell-a-free-shirt-roblox.pdfIn PDF document text
    • https://www.audev.com/images/how-to-get-back-your-hacked-roblox-account.pdfIn PDF document text
    • http://beer-holzhaus.ch/images/free-straight-face-roblox.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/robux-generator-free-no-password-no-verification.pdfIn PDF document text
    • http://www.hotelcimone.it/images/roblox-robux-hack-ohne-handynummer.pdfIn PDF document text
    • http://fsgtoday.com/images/free-robux-real-feb-24-2021.pdfIn PDF document text
    • http://echosvoix.ch/images/free-robux-codes-2021-october.pdfIn PDF document text
    • http://neltalen.nl/images/cb-roblox-hacks.pdfIn PDF document text
    • http://infoagronomia.com.ar/images/nike-roblox-free.pdfIn PDF document text
    • https://www.audev.com/images/free-roblox-2021-unlimited-codes-for-kids.pdfIn PDF document text
    • http://www.marambio.com.ar/images/free-unused-roblox-card-codes-2021.pdfIn PDF document text
    • http://www.oberberger.it/images/how-do-u-hack-a-roblox-account.pdfIn PDF document text
    • http://aimp-market.ru/images/robux-gift-card-number-free.pdfIn PDF document text
    • https://www.cosmosdawn.net/images/free-onligames-like-roblox.pdfIn PDF document text
    • https://www.elevage-chiot.fr/images/how-to-get-free-robux-no-In PDF document text
    +17 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off0000827c.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x827C 25960 bytes
SHA-256: e76225a85485976f0242d1b6264471f85554dace91b6eb10b8d20bd85ad7bb45
font_01_sfnt_off0000be07.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBE07 18028 bytes
SHA-256: 7d461442cbe7237563cc6a1cf24872264b13005e8f9d4e2e5bc971aa4c99cf09