PDF static analysis report

Static analysis result for SHA-256 0eb4196725e601f9…

SUSPICIOUS

PDF

57.8 KB Created: 2021-04-05 18:50:19 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2026-06-04
MD5: 62eb317398ef4e48d12af85046d0903f SHA-1: 8f73cbcea116f628596a45274afc580d7f32a102 SHA-256: 0eb4196725e601f975fbed2f6ce8a5f45ea041d3db0c4ed0ef71d26ef641ffc2
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains multiple embedded URLs and a heuristic firing for PDF_URI, all pointing to sites related to hacking or exploiting the Roblox game. The document body, though heavily obfuscated, contains a URL that aligns with the attack pattern. The presence of external URIs suggests an attempt to redirect the user to a malicious resource, likely for credential harvesting or malware delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/how-to-hack-the-northern-frontier-roblox PDF link annotation
    • https://www.udivadlahotel.cz/images/roblox-hack-robux-ios.pdfIn PDF document text
    • http://www.vktzunami.cz/images/roblox-level-7-script-executor-free.pdfIn PDF document text
    • http://axia-verlag.at/images/how-to-hack-buildermans-password-on-roblox.pdfIn PDF document text
    • http://eltisstudio.sk/images/c-rex-hack-roblox.pdfIn PDF document text
    • http://www.art-concept.gr/images/how-to-get-free-hair-in-roblox-2021.pdfIn PDF document text
    • http://fairwaygolftravel.co.uk/images/youtube-how-to-hack-acounts-on-roblox.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/roblox-hacks-executor.pdfIn PDF document text
    • http://belagrogen.by/images/games-cheat-engine-works-roblox.pdfIn PDF document text
    • http://hemmet-strand.dk/images/bloxburg-house-builders-free-roblox.pdfIn PDF document text
    • http://autismoalbacete.org/images/roblox-chat-picture-hack.pdfIn PDF document text
    • http://prodent.com.ua/images/roblox-free-cape-catalog.pdfIn PDF document text
    • http://canadatowers.com/images/how-to-do-the-sex-hack-on-roblox.pdfIn PDF document text
    • https://www.mrsz.ir/images/roblox-how-to-get-offsale-items-for-free.pdfIn PDF document text
    • http://halitbayramoglu.com.tr/images/go-to-this-website-for-free-robux.pdfIn PDF document text
    • http://racunari.in.rs/images/jailbreak-hacks-on-roblox.pdfIn PDF document text
    • http://ferienwohnung-walker.de/images/v3rmillion-roblox-free-nuke.pdfIn PDF document text
    • https://ambarevleri.com/images/free-robux-sign-for-homeless.pdfIn PDF document text
    • http://xn--59-6kcusgqlmfgen3m.xn--p1ai/images/robux-hack-pc-2021.pdfIn PDF document text
    • http://indotec.fr/images/funny-roblox-avatar-ideas-free.pdfIn PDF document text
    • http://jackson-pr.com/images/roblox-base-raider-hack.pdfIn PDF document text
    • https://www.abrapppe.org.br/images/free-robux-cards-codes-cheating.pdfIn PDF document text
    • http://uctovnictvosnv.sk/images/how-to-hack-roblox-accounts-2021-easy.pdfIn PDF document text
    • http://nevesomost.by/images/free-robux-no-human-verification-2021-no-download.pdfIn PDF document text
    • http://www.rezbb.sk/images/ninja-simulator-roblox-cheats-for-xbox.pdfIn PDF document text
    • https://eleganceautospa.ca/images/pastebincom-free-20b-robux.pdfIn PDF document text
    • http://getthelook-bkk.com/images/roblox-studio-app-free.pdfIn PDF document text
    • http://solidcommunication.ch/images/how-to-speed-hack-with-cheat-engine-roblox.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/roblox-no-download-hack.pdfIn PDF document text
    • http://wokbaarlo.nl/images/how-to-find-out-who-hack-your-roblox-account-back.pdfIn PDF document text
    • https://www.millatgears.com/images/how-to-get-free-coins-in-skywars-roblox.pdfIn PDF document text
    • https://www.wildpark-johannismuehle.de/images/youtube-roblox-free-robux-2021.pdfIn PDF document text
    • https://gafaseo.com/images/how-to-get-free-robux-on-apple-phone.pdfIn PDF document text
    • http://gops.pruszczgdanski.pl/images/how-to-use-snowlords-roblox-hacks.pdfIn PDF document text
    • http://evp-sanorlenok.ru/images/cheat-roblox-lumber-tycoon-2-engine.pdfIn PDF document text
    • https://www.lavigny.ch/images/roblox-free-play-bloxburg.pdfIn PDF document text
    • http://brusivojimi.com/images/roblox-jailbreak-gui-hack.pdfIn PDF document text
    • https://www.dierenartsberghman.be/images/robux-hacks-no-human-verification-or-survey.pdfIn PDF document text
    • https://www.sitiwebjoomla.it/images/free-gray-pants-roblox.pdfIn PDF document text
    • https://amatq.ca/images/how-to-get-free-robux-without-gift-cards.pdfIn PDF document text
    • http://www.art-concept.gr/images/get-free-robux-5uecom.pdfIn PDF document text
    • http://internetdeputy.com/images/free-robux-super-easy.pdfIn PDF document text
    • http://www.torvet11.dk/images/roblox-those-who-remain-hack.pdfIn PDF document text
    • http://www.brtes.com/images/roblox-blotch-shikai-hack-script.pdfIn PDF document text
    • https://www.audipec.com.br/images/wich-are-the-best-free-level-7-exploits-for-roblox.pdfIn PDF document text
    • http://www.lionel-seppoloni.fr/images/tp-hacks-for-roblox.pdfIn PDF document text
    • https://consorziocsa-asicaivano.it/images/how-to-hack-someones-roblox-account-with-link.pdfIn PDF document text
    • http://www.gravel.ru/images/how-to-hacka-roblox-game.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/how-to-cheat-in-dungeon-quest-roblox.pdfIn PDF document text
    • http://jackson-pr.com/images/roblox-cheat-dll.pdfIn PDF document text
    +18 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008302.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8302 26056 bytes
SHA-256: 08047815bc3fd301f05fd5ca74ba7dafd181e3b469bc6a4363e540c9ebb92104
font_01_sfnt_off0000be26.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBE26 18436 bytes
SHA-256: 86cb0f8b74ef29bae6a2603752a299459c5b1db40b7275a53ccac9f70838494d