PDF static analysis report

Static analysis result for SHA-256 fe952a00c83b556b…

SUSPICIOUS

PDF

Size: 60.4 KB
Created: 2021-04-05 19:56:09 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-23
MD5: a9160043cacca2d2af66afccb85002f2
SHA-1: 67b1b4e416ceee05eb9fc9b17915ff299cab1bc1
SHA-256: fe952a00c83b556bf96aa754d62846a92b67e846c9a073e157c27bc384c3c98f
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7417

Heuristics 3

  • Visual download / call-to-action button lure [low] SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://gaminggenerator.org/app/431946152/free-roblox-accounts-with-robux-november-2021 (PDF link annotation)

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_004_off000087e9.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x87E9 | 28036 bytes
  SHA-256: 740a9d86c60cff1495cc5e9021f9042ada0c4196fd285a177f124b05463f6e6c
font_01_sfnt_off0000c5f9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC5F9 | 19176 bytes
  SHA-256: 95cf1814998f3a5f85e9cc729bea3099b2283e30ce7031917b05bd9ef9bd761e