PDF static analysis report

Static analysis result for SHA-256 41bf2764bb1de20a…

SUSPICIOUS

PDF

61.2 KB Created: 2021-04-05 20:23:09 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2026-06-04
MD5: f063186cc1ccdb7bd139d8c2f252f91a SHA-1: 500f77af4c454161107905aff8df7d73d4722e87 SHA-256: 41bf2764bb1de20ab5f9c22d56005b46a3f8b8c2291d4162dc8af7e28d843eaa
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous URLs pointing to sites offering 'Roblox hacks' and 'Cheat Engine' downloads, suggesting a lure for potentially unwanted or malicious software. The ML classifier also flagged the PDF as malicious. While no scripts were directly extracted, the presence of embedded URIs and the document's content strongly indicate a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/how-to-speed-hack-in-roblox-with-cheat-engine PDF link annotation
    • https://verdensbarn.no/images/free-mobile-24-roblox.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/cheat-adopt-me-roblox.pdfIn PDF document text
    • http://linde-erbach.de/images/how-to-hack-a-account-roblox-v3rm.pdfIn PDF document text
    • http://www.occquimica.com.br/images/roblox-cash-grab-simulator-hack.pdfIn PDF document text
    • https://kimolos-link.gr/images/cheat-engine-original-download-roblox.pdfIn PDF document text
    • http://torkelson.se/images/hack-roblox-unlimited-robux.pdfIn PDF document text
    • https://corbo.ru/images/can-free-models-steal-your-password-roblox.pdfIn PDF document text
    • http://jobsy.com.sg/images/free-robux-free-no-verification.pdfIn PDF document text
    • http://beer-holzhaus.ch/images/how-to-get-free-robux-on-roblox-2021-unpatched.pdfIn PDF document text
    • https://www.cpnf.ch/images/free-roblox-for-playstation-4.pdfIn PDF document text
    • http://lksim.com/images/invisible-shirt-roblox-free.pdfIn PDF document text
    • http://greenoase.be/images/free-robux-instantly.pdfIn PDF document text
    • http://www.torvet11.dk/images/roblox-free-super-power-trainin-vip-server.pdfIn PDF document text
    • https://www.najeebqasmi.com/images/free-cookie-logger-for-roblox.pdfIn PDF document text
    • http://torkelson.se/images/roblox-hack-robux-and-tix-no-download-no-survey.pdfIn PDF document text
    • https://www.milewood.co.uk/images/how-to-get-free-obc-in-roblox-2021.pdfIn PDF document text
    • http://bned-leader.co.uk/images/free-robux-hack-legit-working.pdfIn PDF document text
    • http://hydroconseil.com/images/how-to-get-free-robux-on-ipad.pdfIn PDF document text
    • http://jijel.info/images/free-hair-on-roblox-promo-code-2021.pdfIn PDF document text
    • http://bressanassessoria.com.br/images/how-to-hack-roblox-accounts-vomvom2021.pdfIn PDF document text
    • http://gremihostaleria.cat/images/get-free-item-in-roblox.pdfIn PDF document text
    • http://www.evaplast.by/images/roblox-booga-booga-fly-hack.pdfIn PDF document text
    • http://schlossschaenke-andernach.de/images/how-to-change-your-face-on-roblox-for-free.pdfIn PDF document text
    • https://open-coffee-drimmelen-geertruidenberg.nl/images/free-roblox-ad-design.pdfIn PDF document text
    • http://ns1.radiofacil.net/images/joining-groups-will-be-free-on-roblox.pdfIn PDF document text
    • http://www.malonmalon.com.ar/images/roblox-dominus-free-2021.pdfIn PDF document text
    • https://pagadder.com/images/complete-an-action-for-free-robux.pdfIn PDF document text
    • http://southernhills-golf.com/images/robux-hack-tool-2021.pdfIn PDF document text
    • https://gomsa.nl/images/how-to-use-cheat-engine-on-roblox.pdfIn PDF document text
    • https://kunstmalen.ch/images/free-roblox-dday-models.pdfIn PDF document text
    • http://pacatuamigo.com/images/roblox-free-robux-by-watching-ads.pdfIn PDF document text
    • http://behsanroshd.com/images/best-roblox-hack-jailbeak.pdfIn PDF document text
    • http://jbm-constructions.com/images/how-to-get-free-clothes-from-catalog-roblox.pdfIn PDF document text
    • http://harmonygardens.ca/images/free-faces-on-roblox-names.pdfIn PDF document text
    • https://ccej.lviv.ua/images/roblox-vehicler-simulator-afk-money-hack.pdfIn PDF document text
    • http://korporacjaroma.pl/images/free-robux-leggit.pdfIn PDF document text
    • http://www.hotelcomelico.it/images/how-to-hack-fe-games-roblox-v3r.pdfIn PDF document text
    • http://innovativefs.co.uk/images/cr7-hack-roblox.pdfIn PDF document text
    • https://uofk.edu/images/get-1b-robux-free-no-hacks-roblox.pdfIn PDF document text
    • http://agrao.in/images/dragon-ball-ultimate-hack-roblox.pdfIn PDF document text
    • http://osteonad.com/images/cheat-robux-roblox-2021.pdfIn PDF document text
    • http://lichtdrukkerijwijchen.nl/images/free-robux-hack-pro.pdfIn PDF document text
    • http://hemmet-strand.dk/images/free-stuff-for-roblox-avatar.pdfIn PDF document text
    • http://bibliotheque-perrigny-les-dijon.fr/images/free-roblox-gamepasses-app.pdfIn PDF document text
    • https://www.audipec.com.br/images/roblox-dll-hack-2021.pdfIn PDF document text
    • http://salantiskis.lt/images/pastebin-roblox-items-free.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/diffrent-hack-websites-in-roblox.pdfIn PDF document text
    • http://ims-77.fr/images/how-do-you-get-free-robux-in-a-game.pdfIn PDF document text
    • http://www.sanjosedeminas.gob.ec/images/free-download-roblox-studio-2021.pdfIn PDF document text
    +11 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008509.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8509 25808 bytes
SHA-256: ac99eddfd4978191c9e9292b72bf2de084539a6c77b19aa70fda470c0f007eab
font_01_sfnt_off0000bfb4.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBFB4 2844 bytes
SHA-256: baad2f3f6808f4af03fa9398e38c580c8d846f7f773a947d8cc1f39b2753d31a
font_02_sfnt_off0000c975.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC975 18952 bytes
SHA-256: 53f9d57bc42d0216a0fd1bff5bdfcca21480b0b4880337c24b2484bd5039e5c3