PDF static analysis report

Static analysis result for SHA-256 4b6d6a74078ee7df…

SUSPICIOUS

PDF

Size: 62.0 KB
Created: 2021-04-05 21:14:58 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2026-06-05
MD5: 02d5bcedae060a98a4188da5e998e833
SHA-1: d335446d92eec0a35af7532b4892cd9f8fb0d128
SHA-256: 4b6d6a74078ee7df1234a8d6fc2b9286833051b4299c8a1c9e82e0a3f9fe997d
Risk Score: 42

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains numerous links to external websites, many of them hosted on domains and paths with a 'free Robux' or 'hacks' theme. The 'ML_NYX_PDF_MALICIOUS' heuristic fired, and together with the embedded URLs this strongly indicates an intent to redirect users to potentially harmful sites. While no scripts were explicitly extracted, the document body and heuristics suggest a phishing or malware distribution lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure | low | SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI | info | PDF_URI
    PDF contains an external URL action
  • Embedded URL | info | EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_003_off000083b0.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x83B0 | 27772 bytes
SHA-256: b775fd902eca9f6e4bbb5597561549a3e6b8e51ad6b3d1bf7bd45ef3487eb211
font_01_sfnt_off0000c2a4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC2A4 | 2844 bytes
SHA-256: baad2f3f6808f4af03fa9398e38c580c8d846f7f773a947d8cc1f39b2753d31a
font_02_sfnt_off0000cc65.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCC65 | 19128 bytes
SHA-256: 0e9ae74171d14e17582b4caa47507d8e75dcbce26f53423c5063175d2a55b5c3