PDF static analysis report

Static analysis result for SHA-256 f208982607368573…

Verdict: SUSPICIOUS
File type: PDF
Size: 57.4 KB
Created: 2021-04-05 21:57:41 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-29
MD5: c6cbe7d3639b3e40d4b0dfcc221db778
SHA-1: 983fb079804ee8606c8949d381946f4864aa2082
SHA-256: f2089826073685730a758defdb531ca550aba43af792c6c0a1b7d91a3ce446ff
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics (3)

  • Visual download / call-to-action button lure (severity: low, SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (severity: info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/roblox-rs-free (PDF link annotation)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • stream_003_off00008299.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x8299
    Size: 26896 bytes
    SHA-256: bba1c6a1230f33613c0c07bc19ffaf3f99de8a17a33300be62a8857fd8d43b8c
  • font_01_sfnt_off0000bfc2.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xBFC2
    Size: 17372 bytes
    SHA-256: 1248f347886f83c2d1c22f0d18dcb1b27f424e33c8843d62134b5b15a6428123