PDF static analysis report

Static analysis result for SHA-256 f39b49f8ec3c4b61…

SUSPICIOUS

PDF

47.0 KB Created: 2021-04-05 20:15:30 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-10-01
MD5: a3c5e72e9b10c2a1c1d633d53019b79e SHA-1: a8cf85859b977fe96ea98e154526fe5e67417755 SHA-256: f39b49f8ec3c4b6168063a3930b3147d5f339032466ef26a94099eb97874cc93
34 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9941

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/how-to-have-robux-for-free-2021 PDF link annotation
    • http://pgk-polaniec.pl/images/make-free-robux-promo-codes.pdfIn PDF document text
    • http://sbm-nn.ru/images/ww-free-robux-com.pdfIn PDF document text
    • https://servotecnica.com/images/robux-hack-with-inspect-element.pdfIn PDF document text
    • https://www.foodsafety.cz/images/cars-watch-videos-free-robux.pdfIn PDF document text
    • http://shahriyarclimb.com/images/roblox-cheats-money-free.pdfIn PDF document text
    • http://www.evaplast.by/images/roblox-reversed-reality-hack.pdfIn PDF document text
    • http://stomatolog-choszczno.pl/images/roblox-hack-scropts.pdfIn PDF document text
    • http://abqwinair.com/images/free-robux-trial.pdfIn PDF document text
    • https://gzog.pl/images/buildtools-roblox-hack-2021.pdfIn PDF document text
    • http://ofiserco.es/images/roblox-aerial-free.pdfIn PDF document text
    • https://wandersuechtig.de/images/free-robux-no-password-2021.pdfIn PDF document text
    • http://greasley.website/images/gana-500m-de-robux-con-este-hack-2021-100-real.pdfIn PDF document text
    • http://cristalysoptic.com/images/blonde-hair-roblox-free.pdfIn PDF document text
    • http://learningarabic.co.uk/images/rank-centers-roblox-free.pdfIn PDF document text
    • http://musical-arts.de/images/how-to-hack-pizzeria-roleplay-remastered-roblox-money.pdfIn PDF document text
    • http://jobsy.com.sg/images/roblox-assassin-moving-cheat.pdfIn PDF document text
    • http://www.rezbb.sk/images/roblox-guess-the-song-cheats.pdfIn PDF document text
    • http://www.teapotjewelry.com/images/roblox-diary-of-a-noob-download-prison-life-free.pdfIn PDF document text
    • http://www.mikramarine.gr/images/hacked-project-pokemon-roblox.pdfIn PDF document text
    • http://solidcommunication.ch/images/how-to-hack-anyone-on-roblox.pdfIn PDF document text
    • http://www.kalaaliaraq.dk/images/commands-for-free-admin-for-roblox-list.pdfIn PDF document text
    • http://www.eaapiaria.es/images/how-to-prevent-hacking-on-roblox.pdfIn PDF document text
    • https://reggieslockandkey.com/images/online-free-robux-generator.pdfIn PDF document text
    • http://www.art-concept.gr/images/roblox-project-jojo-white-snake-free.pdfIn PDF document text
    • http://shapemybrows.id/images/contrasenas-de-cuentas-de-roblox-free.pdfIn PDF document text
    • http://www.herricht.at/images/free-bc-roblox-2021.pdfIn PDF document text
    • http://pourvosvacances.com/images/how-to-hack-roblox-robux-on-computer.pdfIn PDF document text
    • https://www.acoustiguard.com/images/roblox-cheat-engine-hacks-jailbreak.pdfIn PDF document text
    • http://uo-nn.ru/images/roblox-how-to-get-hacked-account-back.pdfIn PDF document text
    • http://fa-deco.com/images/script-hack-roblox-phantom-forces-2021.pdfIn PDF document text
    • https://www.lomrad.go.th/images/how-to-get-roblox-bc-for-free.pdfIn PDF document text
    • http://homequeen.de/images/roblox-wikia-free-robux.pdfIn PDF document text
    • http://progatiplastic.com/images/exploit-free-roblox.pdfIn PDF document text
    • http://modenese.net/images/free-roblox-online-no-download.pdfIn PDF document text
    • http://brusivojimi.com/images/buy-my-free-roblox-clothes.pdfIn PDF document text
    • http://kfz-ilg.com/images/how-do-you-get-free-robux-in-a-game.pdfIn PDF document text
    • http://panaceafamilymedicine.com/images/omo-recuperar-una-uenga-hacker-en-roblox.pdfIn PDF document text
    • http://bullyinformate.org/images/robux-today-free-robux.pdfIn PDF document text
    • https://bdsm-centrum.com/images/free-realms-roblox.pdfIn PDF document text
    • http://eooe.gr/images/roblox-beach-house-roleplay-hack.pdfIn PDF document text
    • http://bi-bordtennis.dk/images/no-pants-roblox-free.pdfIn PDF document text
    • http://fradiomas.com/images/hacker-vs-pro-roblox.pdfIn PDF document text
    • http://agrupamentoescolas-alfredo-da-silva.com/images/how-to-hack-ing-to-roblox-ao.pdfIn PDF document text
    • https://www.fhccu.com/images/roblox-wins-hack-boxing-simulator-2.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/lockview-hack-roblox.pdfIn PDF document text
    • https://www.lavigny.ch/images/free-robux-android-zephplayz.pdfIn PDF document text
    • http://serviio.org/images/free-roblox-hats-2021.pdfIn PDF document text
    • http://kancelaria-legnica.eu/images/how-to-hack-games-on-roblox-2021.pdfIn PDF document text
    • http://news123.it/images/i-got-free-tbc-on-roblox.pdfIn PDF document text
    +2 more URL(s)

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00008696.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8696 26532 bytes
SHA-256: 1232f6eae7704223ae22c8fde1fa6e1c8315e0db6b53c84f4c970477acce6f94