Malicious PDF — malware analysis report

Static analysis result for SHA-256 62401d3584bfa68b…

MALICIOUS

PDF

58.0 KB Created: 2021-04-05 21:18:47 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2026-05-29
MD5: fe67909dee755ba509d3d6810b655ef6 SHA-1: 4b789138a4d443fd148c1524c787ce17752ba47e SHA-256: 62401d3584bfa68b78d6765f1d718c1e7f7b41bb95b9ac1e70e93c83df14beb1
112 Risk Score

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 5

  • Brand-impersonation credential phishing lure high SE_BRAND_CREDENTIAL_PHISH
    Document impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: call-to-action link host does not match the impersonated brand: http://gaminggenerator.org/app/431946152/free-robux-for-android-no-human-verification.
  • PDF carries game-hack generator link farm medium PDF_GAME_HACK_LINK_FARM
    PDF contains a gaminggenerator.org app lure together with multiple external PDF links whose filenames advertise game hacks, cheats, jailbreaks, or generators. This is a lure/delivery link farm rather than a PDF exploit: the risk is the linked redirection chain.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/free-robux-for-android-no-human-verification PDF link annotation
    • http://atelierweb.it/images/free-robux-auto-human-verification.pdfIn PDF document text
    • http://ktn.com.br/images/how-to-get-free-robux-unauthorized-paymen.pdfIn PDF document text
    • https://www.wildpark-johannismuehle.de/images/how-to-get-free-robux-in-an-easy-way.pdfIn PDF document text
    • http://www.sapaengineering.kz/images/cheat-codes-to-get-robux-on-roblox.pdfIn PDF document text
    • https://www.lomrad.go.th/images/roblox-how-to-make-clothes-for-free.pdfIn PDF document text
    • https://www.seeingindependence.org/images/get-robux-paid-access-games-free.pdfIn PDF document text
    • http://lanoblaie.fr/images/free-shirt-templates-on-roblox.pdfIn PDF document text
    • http://www.inservis.cl/images/instant-free-robux-com.pdfIn PDF document text
    • http://eau-petit-pont.com/images/how-to-get-free-hats-on-roblox-2021.pdfIn PDF document text
    • http://www.visiblefilm.com/images/cheat-engine-67-roblox-robux.pdfIn PDF document text
    • http://jbm-constructions.com/images/weapon-hack-roblox-pastebin.pdfIn PDF document text
    • http://hk-kan.org/images/how-to-hack-roblox-accounts-and-get-passwords-2021.pdfIn PDF document text
    • http://goosesscuba.com/images/roblox-password-hacker.pdfIn PDF document text
    • http://selectionspdf.fr/images/roblox-2021-robux-hack.pdfIn PDF document text
    • http://moto98.com/images/script-hack-roblox-download.pdfIn PDF document text
    • http://www.inservis.cl/images/roblox-glitch-hack-download.pdfIn PDF document text
    • https://amatq.ca/images/hack-mining-simulator-roblox-2021.pdfIn PDF document text
    • https://springhorn-reisen.de/images/long-pastel-hair-roblox-free-to-purchase.pdfIn PDF document text
    • http://brusivojimi.com/images/free-characters-on-roblox.pdfIn PDF document text
    • http://domaizdereva24.ru/images/free-roblox-womens-face.pdfIn PDF document text
    • https://www.foodsafety.cz/images/free-roblox-accounts-that-work-100.pdfIn PDF document text
    • https://arcasict.nl/images/free-robux-2021-easy-not-working.pdfIn PDF document text
    • https://socialvalue.gr/images/roblox-vehicle-simulator-money-hack-script.pdfIn PDF document text
    • https://hassel-event.de/images/how-to-get-free-gamepass-roblox.pdfIn PDF document text
    • http://legs11.co.za/images/roblox-how-to-get-unlimited-free-robox-2021.pdfIn PDF document text
    • http://www.agri-tech.com.au/images/how-to-hack-roblox-accounts-and-get-free-robux.pdfIn PDF document text
    • http://addair.co.uk/images/hack-explosin-roblox-pizza-place.pdfIn PDF document text
    • http://www.awakeningtruth.org/images/can-a-roblox-exploiter-hack.pdfIn PDF document text
    • https://eleganceautospa.ca/images/roblox-free-followers.pdfIn PDF document text
    • http://www.torvet11.dk/images/how-to-crack-a-roblox-hack-made-in-visual-studio.pdfIn PDF document text
    • http://osteonad.com/images/hoot-join-a-roblox-group-for-free.pdfIn PDF document text
    • https://www.yewtreealpacas.co.uk/images/stickmasterluke-free-robux.pdfIn PDF document text
    • https://fkg.usu.ac.id/images/robux-hack-copy-and-paste.pdfIn PDF document text
    • http://ktn.com.br/images/get-free-robux-no-app-download.pdfIn PDF document text
    • https://verdensbarn.no/images/como-hackear-roblox-pushing.pdfIn PDF document text
    • http://ozonizarint.com/images/roblox-free-draw-script.pdfIn PDF document text
    • https://socialvalue.gr/images/free-robux-hackget-up-to-22-500-free-robux-today.pdfIn PDF document text
    • http://almacargo.com/images/como-hackear-robux-100-real.pdfIn PDF document text
    • http://bi-bordtennis.dk/images/jailbreak-robux-hack.pdfIn PDF document text
    • http://jbm-constructions.com/images/free-robux-no-generator-or-survey.pdfIn PDF document text
    • http://shiny-nn.ru/images/hack-rc7-roblox-download.pdfIn PDF document text
    • http://jugendfeuerwehr-scheinfeld.de/images/free-robux-hack-2021-inspect.pdfIn PDF document text
    • http://nevesomost.by/images/how-to-hack-someones-roblox-account-with-cheat-engine.pdfIn PDF document text
    • http://halitbayramoglu.com.tr/images/roblox-1-hit-kill-hack-the-ninja-way.pdfIn PDF document text
    • http://onlinemusicsolutions.com.au/images/hacks-to-g-et-into-houses-on-roblox.pdfIn PDF document text
    • https://www.utalii.ac.ke/images/script-hack-roblox-magnet-simulator-inf-pets-stats.pdfIn PDF document text
    • http://pacatuamigo.com/images/growbux-free-robux.pdfIn PDF document text
    • http://aeroclub-kaernten.at/images/unlimited-jump-hack-roblox.pdfIn PDF document text
    • http://pacatuamigo.com/images/jump-hack-roblox-cheat-engine.pdfIn PDF document text
    +14 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off000083ec.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x83EC 25056 bytes
SHA-256: c890bd5e00e4940d3a2f1b84715ea6b294880c49131b64494ac2143dd74d5ca4
font_01_sfnt_off0000bdd6.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBDD6 18728 bytes
SHA-256: 5a43eba68b11e3d1c4172b46da7e3525abbd6b7dfe53946d71f69ec38951da30