Malicious PDF — malware analysis report

Static analysis result for SHA-256 624ed79f8a68d51b…

Verdict: MALICIOUS
File type: PDF

Size: 34.6 KB
Created: 2021-06-25 09:42:24 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2026-06-04
MD5: 7c7681a98d6e24076076464d32f512cc
SHA-1: bbc705b598b810ec0851b8c0f1e0ce79c668607f
SHA-256: 624ed79f8a68d51b21cbc2663155bdd52273a400e5a4bc33e7a09a2cbea5a53b
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a critical heuristic firing indicating a link to known malicious redirector infrastructure, specifically pointing to a URL associated with 'free robux'. The document body also contains this URL and other similar lures. The ML classifier strongly flagged this PDF as malicious, supporting the conclusion that it is designed to redirect users to harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics (3)

  • [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF links to known malicious redirector infrastructure
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • [low] SE_DOWNLOAD_BUTTON: Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); this is low-signal unless other findings point to a malicious workflow.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • URL: http://netcdn.co/app/431946152/rbxfree.com-free-robux-youtube-game-hack (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                         | Kind            | Source                                    | Size
---------------------------------|-----------------|-------------------------------------------|------------
font_00_sfnt_off00002f8d.bin     | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2F8D | 22340 bytes
  SHA-256: 30e418d6d7b2ac45278859402809eafde897de485f01975e423613de78723089
font_01_sfnt_off00006150.bin     | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6150 | 19308 bytes
  SHA-256: e022669ff0f3064563af8bf7a86356257773c69d4c99eb7b1c762ef51ad03e8f