Malicious PDF — malware analysis report

Static analysis result for SHA-256 7f3a2cb568180692…

MALICIOUS

PDF

59.9 KB Created: 2021-04-06 00:41:47 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2026-06-04
MD5: 4afb7755f50be99042b406c21ebe66cc SHA-1: 657e80d77d10cb63d7b3980f5478d508896938c4 SHA-256: 7f3a2cb56818069231a69f9dbe11681c623056a7b5f095da6a0b99e3bf9161f0
82 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF document contains a lure impersonating Facebook, directing users to download Roblox-related content via a malicious URL. The presence of a visual download button and the ML classifier flagging the PDF as malicious strongly suggest a credential phishing or malware distribution attempt. The primary URL identified is http://gaminggenerator.org/app/431946152/descargar-roblox-para-android-hack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 4

  • Brand-impersonation credential phishing lure high SE_BRAND_CREDENTIAL_PHISH
    Document impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: call-to-action link host does not match the impersonated brand: http://gaminggenerator.org/app/431946152/descargar-roblox-para-android-hack.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/descargar-roblox-para-android-hack PDF link annotation
    • http://kundentest.de/images/what-day-does-john-doe-hack-roblox.pdfIn PDF document text
    • http://iacovoulaw.com/images/roblox-yammy-hacking.pdfIn PDF document text
    • https://www.babik-po.cz/images/free-robux-no-surveys-or-human-verify.pdfIn PDF document text
    • http://www.copoint.co.uk/images/2021-free-robux-windows-81.pdfIn PDF document text
    • http://erptrends.com/images/why-there-is-no-roblox-level-7-free.pdfIn PDF document text
    • https://www.cnte.org.br/images/roblox-highschool-hack-script.pdfIn PDF document text
    • https://www.tartineartisanal.com/images/youtube-how-to-get-free-robux-2021.pdfIn PDF document text
    • http://wokbaarlo.nl/images/whow-to-hack-somebody-on-roblox.pdfIn PDF document text
    • http://vagency.us/images/free-roblox-tshirts-download.pdfIn PDF document text
    • https://bancroftandsons.com/images/roblox-give-tool-hack-pastebin.pdfIn PDF document text
    • http://bwharrisalumniusa.org/images/free-expired-items-on-roblox.pdfIn PDF document text
    • http://stsbih.com.ba/images/best-free-catalog-items-in-roblox.pdfIn PDF document text
    • https://zszolesno.pl/images/roblox-gift-card-codes-hack.pdfIn PDF document text
    • http://internetdeputy.com/images/free-uploader-roblox-exploit.pdfIn PDF document text
    • https://inspiration-modellbau.de/images/how-to-get-any-item-on-roblox-for-free.pdfIn PDF document text
    • https://www.najeebqasmi.com/images/2021-free-robux-202120210-working-legggggit.pdfIn PDF document text
    • http://www.occquimica.com.br/images/actually-free-robux-promo-codes-2021.pdfIn PDF document text
    • http://selectionspdf.fr/images/how-to-make-a-hacking-script-for-roblox.pdfIn PDF document text
    • http://asiasieja.pl/images/roblox-robux-hack-script-jquery.pdfIn PDF document text
    • http://micromegamondo.com/images/get-free-robux-on-robloxcom.pdfIn PDF document text
    • http://learningarabic.co.uk/images/roblox-free-download-uptodown.pdfIn PDF document text
    • http://baofrance.com/images/roblox-vehicle-simulator-cheats-xbox-one.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/how-to-redeem-a-free-code-on-roblox.pdfIn PDF document text
    • https://lobergetart.se/images/how-to-hack-roblox-with-windows-7.pdfIn PDF document text
    • http://engelum.com/images/counter-blox-roblox-offensive-wall-hack.pdfIn PDF document text
    • http://verenacrow.at/images/hexaria-roblox-hack.pdfIn PDF document text
    • http://torkelson.se/images/blocky-world-free-robux.pdfIn PDF document text
    • http://www.drent.se/images/free-shirts-on-roblox-2021.pdfIn PDF document text
    • http://portal.crfsp.org.br/images/roblox-medieval-warfare-hack.pdfIn PDF document text
    • https://www.wildpark-johannismuehle.de/images/roblox-speed-hack-cheat-engine-vermillion.pdfIn PDF document text
    • http://svp-steinmaur.ch/images/free-package-com-roblox.pdfIn PDF document text
    • http://energotestcontrol.ru/images/hack-roblox-booga-booga-2021.pdfIn PDF document text
    • http://www.thecoffeebaron.co.za/images/roblox-hack-robux-descargar.pdfIn PDF document text
    • https://www.tsdb.com.au/images/free-roblox-game-card-codes-2021.pdfIn PDF document text
    • http://vipservice-bg.com/images/how-to-free-robux-2021.pdfIn PDF document text
    • http://atelierweb.it/images/how-to-get-free-robux-with-pastebin-2021.pdfIn PDF document text
    • http://ernstgloves.co.il/images/africa-but-its-copyright-free-roblox-id.pdfIn PDF document text
    • http://echosvoix.ch/images/hackear-cuentas-de-roblox.pdfIn PDF document text
    • http://www.jureclomas.com.ar/images/how-to-make-roblox-shirts-for-free.pdfIn PDF document text
    • https://pa-pangkalpinang.go.id/images/how-to-get-free-clothes-on-roblox-iphone.pdfIn PDF document text
    • http://kruiz21.ru/images/comment-telecharger-un-logiciel-de-hack-dur-roblox.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/roblox-piano-hack-no-download.pdfIn PDF document text
    • http://instrutech.co.th/images/roblox-hack.pdfIn PDF document text
    • http://bit-sky.com/images/5-robux-for-free.pdfIn PDF document text
    • http://consultinggirona.es/images/how-to-hack-into-roblox-acc.pdfIn PDF document text
    • http://svp-steinmaur.ch/images/how-to-get-free-robux-javascript-2021.pdfIn PDF document text
    • http://asiashop-france.fr/images/code-how-to-get-50-free-crystals-roblox-miners-haven.pdfIn PDF document text
    • http://ericvanpraet.eu/images/cara-cheat-roblox-android.pdfIn PDF document text
    • https://semanasantacehegin.com/images/joining-groups-will-be-free-on-roblox.pdfIn PDF document text
    +17 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off00008278.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x8278 25180 bytes
SHA-256: 2af429ba9e887e6f8e1e5e2fd7b6ce3f9570ed55dadf7ca2cdbdeed56298edf8
font_01_sfnt_off0000bb51.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBB51 2832 bytes
SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2
font_02_sfnt_off0000c501.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC501 18812 bytes
SHA-256: 4138be9e05aa7075f2c34a9e75f4d57d2878ed6e467c6eeac745e0f0de1da4d5