PDF static analysis report

Static analysis result for SHA-256 507c4bc38efd65ae…

SUSPICIOUS

PDF

59.5 KB Created: 2021-04-05 22:11:17 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2026-06-04
MD5: bdbba10030ef8f74c29eeaf7b694f1cb SHA-1: d89359ecb950a970af3da071608dbfdb2915f157 SHA-256: 507c4bc38efd65ae395d853bd2e43fc4b7a57e88c1c9d4762b9c3b92df207b6f
42 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF document contains a lure for a game cheat tool, directing users to a suspicious URL. The ML classifier also flagged the PDF as malicious. The presence of numerous links to PDF files related to game cheats and hacks suggests a phishing or social engineering attempt to trick users into downloading potentially malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/easy-cheat-for-ultimate-driving-newark-roblox PDF link annotation
    • http://innovativefs.co.uk/images/roblox-booga-booga-hack-script-pastebin.pdfIn PDF document text
    • https://www.knxuk.org/images/roblox-for-free-on-phone.pdfIn PDF document text
    • http://j-cook.pro/images/free-promo-codes-that-give-you-robux.pdfIn PDF document text
    • http://nevesomost.by/images/roblox-cheat-tool-download.pdfIn PDF document text
    • http://salantiskis.lt/images/best-free-roblox-screen-recorder.pdfIn PDF document text
    • http://www.centromedicoaurora.it/images/how-to-get-free-robux-2021-no-hack.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/flubhack-roblox.pdfIn PDF document text
    • https://www.colditex.com/images/free-robux-gift-card-codes-2021-genertor.pdfIn PDF document text
    • http://vipservice-bg.com/images/comment-avoir-des-robux-sans-hack-ni-telechargemant.pdfIn PDF document text
    • http://ivalor.fr/images/new-roblox-hack-exploit-for-murder-mystery-2.pdfIn PDF document text
    • https://www.audev.com/images/roblox-account-free-trial.pdfIn PDF document text
    • https://www.gymun.cz/images/free-green-dawing-roblox.pdfIn PDF document text
    • https://www.cosmosdawn.net/images/get-50-00-robux-free.pdfIn PDF document text
    • http://alarmed.pl/images/free-robux-with-no-human-verification-2021.pdfIn PDF document text
    • http://properteez.com/images/gameblox-free-robux.pdfIn PDF document text
    • http://lv-siegen.de/images/treasure-hunt-roblox-hacks.pdfIn PDF document text
    • http://briankellyforcongress.com/images/how-to-get-free-roblox-money-easy.pdfIn PDF document text
    • https://www.arquetopia.org/images/free-robux-without-verification-on-ios.pdfIn PDF document text
    • http://legs11.co.za/images/glitches-to-get-free-robux.pdfIn PDF document text
    • http://panaceafamilymedicine.com/images/free-black-roblox-music.pdfIn PDF document text
    • http://s-punkt-objects.de/images/mega-roblox-cheat-free.pdfIn PDF document text
    • http://nevesomost.by/images/roblox-free-lua-executor.pdfIn PDF document text
    • http://principessalialaofegypt.com/images/half-hacker-half-guest-roblox-300x300.pdfIn PDF document text
    • http://sscclc.edu.ec/images/adminonly-roblox-game--was-given-80-000-free-robux.pdfIn PDF document text
    • http://huananhai.net/images/best-free-roblox-screen-recorder.pdfIn PDF document text
    • http://energotestcontrol.ru/images/how-do-u-get-free-robux-without-builders-club.pdfIn PDF document text
    • http://kids-academy.pl/images/wie-kann-man-ihn-roblox-hacken-um-robaks.pdfIn PDF document text
    • http://garciamadeirascampinas.com.br/images/roblox-jailbreak-hack-how-to-through-walls-hack.pdfIn PDF document text
    • http://www.exikom.com.ua/images/ho-to-get-free-glowing-skirt-on-royale-high-roblox.pdfIn PDF document text
    • http://cadcam.no/images/como-hackear-juego-en-roblox.pdfIn PDF document text
    • http://www.remiauclair.fr/images/cc-roblox-hack-download.pdfIn PDF document text
    • http://www.fabbrotorino.eu/images/cheat-roblox-pass-thought-the-wall.pdfIn PDF document text
    • http://zibai.eu/images/real-no-hummon-verification-robux-hack.pdfIn PDF document text
    • http://aiyta.com/images/games-that-give-free-robux-without-pass.pdfIn PDF document text
    • https://www.foodsafety.cz/images/free-robux-easy-quiz.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/how-to-vote-kick-on-free-draw-roblox.pdfIn PDF document text
    • http://gavertrimmers.be/images/free-rewards-roblox.pdfIn PDF document text
    • https://www.gvandenakker.nl/images/money-hack-roblox-adopt-me.pdfIn PDF document text
    • http://the-specials.ch/images/brdarski-roblox-inspect-element-hack.pdfIn PDF document text
    • http://iacovoulaw.com/images/donald-trump-free-robux.pdfIn PDF document text
    • https://socialvalue.gr/images/roblox-cs-go-aimbot-hack.pdfIn PDF document text
    • http://piadaandco.it/images/roblox-company-robux-free.pdfIn PDF document text
    • https://masseymotorcars.com/images/roblox-cheat-engine-66-bypass.pdfIn PDF document text
    • http://bf-sozidanie.ru/images/how-to-get-free-robux-by-inspecting-on-mac.pdfIn PDF document text
    • http://fa-deco.com/images/2021-robux-for-free.pdfIn PDF document text
    • http://jwcrownlimo.net/images/how-to-hack-surf-leaderboard-roblox.pdfIn PDF document text
    • http://www.likto.eu/images/how-to-get-roblox-admin-hack.pdfIn PDF document text
    • http://tecnodue.com/images/how-to-get-free-codes-for-roblox.pdfIn PDF document text
    • http://www.campiresine.it/images/free-robux-hack-for-2021.pdfIn PDF document text
    +13 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00008435.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x8435 27624 bytes
SHA-256: 61041bd2fe5f7834bda309504ccbade6d8136a3b1193d04e33d7fc107a9629cd
font_01_sfnt_off0000c12a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC12A 19684 bytes
SHA-256: ef9cfdfc7b3f0dd566102077c290a02617cabaac156b403c6c64ffe61bbc967b