PDF static analysis report

Static analysis result for SHA-256 f4953aca45ff7822…

SUSPICIOUS

PDF

58.3 KB Created: 2021-04-05 19:05:17 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29
MD5: 3d32a292496c6f85292d34de6cdabe0d SHA-1: ac784af0f6130140b2e610b4bedc3cd66eeed0aa SHA-256: f4953aca45ff7822108761bd53cb34b7a83831bdc71049918469da824f572b4c
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/get-free-roblox-hair PDF link annotation
    • http://bilhetim.com.br/images/descargar-programa-para-hackear-roblox.pdfIn PDF document text
    • http://bibliotheque-perrigny-les-dijon.fr/images/free-robux-hack-no-email.pdfIn PDF document text
    • http://instrumenttut.by/images/roblox-bloxburg-hack-game-guardian.pdfIn PDF document text
    • http://jugendfeuerwehr-scheinfeld.de/images/top-10-free-stuff-on-roblox.pdfIn PDF document text
    • http://jugendfeuerwehr-scheinfeld.de/images/how-to-hack-bo-in-martial-arts-roblox.pdfIn PDF document text
    • https://www.millatgears.com/images/roblox-btool-hack-ultmate.pdfIn PDF document text
    • http://steklofara.com.ua/images/how-to-hack-in-roblox-any-game.pdfIn PDF document text
    • http://halitbayramoglu.com.tr/images/join-group-and-get-free-robux.pdfIn PDF document text
    • http://abletrustcare.com/images/how-to-hack-roblox-on-ipad-2021.pdfIn PDF document text
    • https://newenglandafs.com/images/roblox-cheat-engine-bypass-2021.pdfIn PDF document text
    • https://www.hofe-gmbh.de/images/lua-cheat-engine-roblox.pdfIn PDF document text
    • http://citycare.pt/images/roblox-best-free-clothes.pdfIn PDF document text
    • http://jbm-constructions.com/images/roblox-cheat-engine-trainers.pdfIn PDF document text
    • http://ehma.com/images/free-robux-instantly-2021.pdfIn PDF document text
    • http://bilhetim.com.br/images/how-to-fly-jump-in-roblox-hack.pdfIn PDF document text
    • https://ghpa.ru/images/roblox-hacked-kids.pdfIn PDF document text
    • http://safari-crimea.com/images/roblox-hack-command-bar.pdfIn PDF document text
    • https://www.beaufortcollege.ie/images/earn-free-robux-com.pdfIn PDF document text
    • http://lewishome.net/images/roblox-baton-free.pdfIn PDF document text
    • https://grovehilloutfitters.com/images/free-robux-no-human-vetifycation.pdfIn PDF document text
    • http://www.cosver.nl/images/free-skateboarding-game-on-roblox.pdfIn PDF document text
    • https://www.fhccu.com/images/how-to-get-free-robux-doing-nothing-no-hacks.pdfIn PDF document text
    • https://blagvist.com.ua/images/roblox-unlimited-robux-cheat.pdfIn PDF document text
    • http://medimacs.eu/images/roblox-robux-money-cheat.pdfIn PDF document text
    • https://www.yewtreealpacas.co.uk/images/free-robux-hack-generator-without-human-verification.pdfIn PDF document text
    • https://fkg.usu.ac.id/images/roblox-test-site-hack.pdfIn PDF document text
    • http://energotestcontrol.ru/images/rbxfree-free-robux.pdfIn PDF document text
    • http://webstan.be/images/www-inject-hack-com-roblox.pdfIn PDF document text
    • http://bkd1.balikpapan.go.id/images/cheats-to-get-more-robux-on-roblox.pdfIn PDF document text
    • http://smart-pro.co.uk/images/how-to-get-2021-robux-on-roblox-for-free.pdfIn PDF document text
    • https://bancroftandsons.com/images/how-to-hack-admin-on-roblox-games.pdfIn PDF document text
    • http://mittlenberg.ch/images/how-to-get-robux-for-free-on-pc-without-downloading.pdfIn PDF document text
    • https://www.air-shop.cz/images/how-to-hack-a-roblox-account-2021-september.pdfIn PDF document text
    • http://cdescolapios.org/images/script-hack-roblox-magnet-simulator-inf-pets-stats.pdfIn PDF document text
    • http://rushxpress.de/images/hack-para-roblox-de-romper-pardedes.pdfIn PDF document text
    • http://www.visiblefilm.com/images/free-roblox-account-2021.pdfIn PDF document text
    • https://amatq.ca/images/free-robux-no-verification-or-survey-2021.pdfIn PDF document text
    • http://cadcam.no/images/free-roblox-dislike-bots.pdfIn PDF document text
    • https://socialvalue.gr/images/hack-roblox-retail-tycoon.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/how-to-get-free-tokens-asssassin-roblox.pdfIn PDF document text
    • http://www.remiauclair.fr/images/free-usernames-and-passwords-on-roblox.pdfIn PDF document text
    • https://open-coffee-drimmelen-geertruidenberg.nl/images/roblox-jailbreak-hack-2021-february.pdfIn PDF document text
    • https://yarburservices.ru/images/roblox-test-site-free-bc.pdfIn PDF document text
    • http://www.gadanie.lv/images/how-to-get-hacks-on-roblox-2021.pdfIn PDF document text
    • http://hemmet-strand.dk/images/cheat-roblox-jailbreak-glitches.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/how-to-get-free-robux-no-hack-or-cheat-2021.pdfIn PDF document text
    • http://avocatultau.eu/images/roblox-xbox-360-download-free.pdfIn PDF document text
    • http://armportal.co.uk/images/free-admin-no-download-roblox.pdfIn PDF document text
    • https://www.utalii.ac.ke/images/how-to-hack-builders-club-on-roblox.pdfIn PDF document text
    +13 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off000082b9.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x82B9 27888 bytes
SHA-256: 8d70baaaab703b1041436bd38fa8230480e3f43d74cc9b18c516acd6ff15a2fb
font_01_sfnt_off0000c27f.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC27F 17632 bytes
SHA-256: c8bf2d89b30c6ce5d025477e33cd37c42e3fd31141493e7b3566d5205fd65c4a