PDF static analysis report

Static analysis result for SHA-256 f5feed7a309d05e9…

Verdict: SUSPICIOUS
File type: PDF
Size: 60.5 KB
Created: 2021-04-06 00:26:47 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-24
MD5: 611d889564f5f43278726830b362694a
SHA-1: cc0563aee243d704f840d9c9727ac096ad1340b6
SHA-256: f5feed7a309d05e985db584ef7087b295a16426b490b240421d3175f797aa4c2
Risk score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics (3)

  • Visual download / call-to-action button lure (severity: low, ID: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
  • External URI (severity: info, ID: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://gaminggenerator.org/app/431946152/roblox-download-free-for-pc-full-game (channel: PDF link annotation)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename                      Kind                     Source                                      Size
stream_003_off0000813c.bin    decompressed-pdf-stream  PDF FlateDecoded stream at offset 0x813C    26148 bytes
  SHA-256: 470f7c430c7168f1878c81922e0e77db4eff796f9c0541455b1cbbc3a1eb3c66
font_01_sfnt_off0000bc2b.bin  pdf-font-stream          PDF embedded font (sfnt) at offset 0xBC2B   3312 bytes
  SHA-256: 40bd8eebcb3a0d68a8646f1930e84f30a44bfa48525263c6c528f0bc1e9c1677
font_02_sfnt_off0000c77b.bin  pdf-font-stream          PDF embedded font (sfnt) at offset 0xC77B   18768 bytes
  SHA-256: be2cb0988dd4d58361548b6bc20c33a6d2f9599a9cf50fb2f26e8898d4f5aff3