PDF static analysis report

Static analysis result for SHA-256 9712085a511baad4…

SUSPICIOUS

PDF

60.6 KB Created: 2021-04-05 19:19:27 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2026-06-04
MD5: 999f3b91470f057855e7974e22f613ba SHA-1: 66b520cbf08c51aec5a54d9b28dea5b5bc712a7d SHA-256: 9712085a511baad4d447d7276721d6a53258b29f299ebbe0e594f3bd7474b906
50 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains multiple heuristics indicating a lure for a malicious download, specifically promising 'Robux Hack No App Download'. The document body and embedded URLs strongly suggest a phishing attempt to trick users into downloading a potentially malicious file. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 4

  • Urgency / deadline lure low SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/robux-hack-no-app-download PDF link annotation
    • https://www.appartamenticroazia24.com/images/bux-gg-free-robux-no-human-verification.pdfIn PDF document text
    • https://www.u-pin-it.com/images/how-to-get-free-robux-on-roblox-2021-may.pdfIn PDF document text
    • http://www.awakeningtruth.org/images/roblox-in-cheat-ingine-work-in-pizza-place.pdfIn PDF document text
    • https://gomsa.nl/images/all-roblox-commands-cheats.pdfIn PDF document text
    • https://hekl-software.de/images/roblox-hack-free-robux-and-tix-2021.pdfIn PDF document text
    • http://addair.co.uk/images/free-robux-glitch-2021-august-25.pdfIn PDF document text
    • http://bibliotheque-perrigny-les-dijon.fr/images/roblox-welcome-to-bloxburg-money-hacktxt.pdfIn PDF document text
    • https://www.najeebqasmi.com/images/roblox-free-robux-t-shirt.pdfIn PDF document text
    • http://avocatultau.eu/images/how-to-hack-roblox-build-a-boat-for-treasure.pdfIn PDF document text
    • http://dottgagliardi.com/images/roblox-dynamic-ship-simulator-hack.pdfIn PDF document text
    • http://texnes-plus.gr/images/cruise-ship-tycoon-cheat-roblox.pdfIn PDF document text
    • https://www.brainpads.com/images/free-robux-gameguardian.pdfIn PDF document text
    • http://www.eurosan1.ba/images/is-it-possible-to-get-banned-for-cheating-roblox.pdfIn PDF document text
    • https://gafaseo.com/images/redeem-code-roblox-hack.pdfIn PDF document text
    • http://malichy.pl/images/invited-free-robux-glitch-by-unknown.pdfIn PDF document text
    • http://canadatowers.com/images/roblox-online-hack-no-verification.pdfIn PDF document text
    • http://santeh-40.ru/images/how-to-hack-slx-roblox.pdfIn PDF document text
    • http://www.gadanie.lv/images/do-free-robux-scams-work.pdfIn PDF document text
    • https://technospektr.com.ua/images/how-to-hack-into-anyones-roblox-2021.pdfIn PDF document text
    • http://poltekkeskhjogja.ac.id/images/free-robux-hack-2021-april.pdfIn PDF document text
    • http://www.web.stc-part.co.th/images/free-knife-code-assasins-roblox.pdfIn PDF document text
    • http://unifieo.br/images/free-giftcard-at-robuxcom.pdfIn PDF document text
    • http://www.art-concept.gr/images/invisible-blue-hack-roblox.pdfIn PDF document text
    • http://www.pacoestrada.it/images/ways-to-get-free-robux-easy.pdfIn PDF document text
    • http://sostactical.ca/images/robux-hack-2021-no-human-verification.pdfIn PDF document text
    • http://schrichte.de/images/roblox-deadzone-hacks.pdfIn PDF document text
    • http://www.pcclawyers.com.au/images/how-to-get-free-robux-not-a-scam-website.pdfIn PDF document text
    • http://hemmet-strand.dk/images/roblox-free-v-bucvksd.pdfIn PDF document text
    • https://sitam.co.in/images/play-roblox-hacked-version.pdfIn PDF document text
    • http://forsazh-51.ru/images/free-robux-generator-that-really-works-that-works-right-away.pdfIn PDF document text
    • https://kunstmalen.ch/images/roblox-hack.pdfIn PDF document text
    • http://ralf-gryga.de/images/ejecutador-de-hacks-roblox.pdfIn PDF document text
    • http://www.htc.edu.au/images/how-to-make-a-badge-for-free-in-roblox.pdfIn PDF document text
    • http://www.cosver.nl/images/roblox-ways-to-cheat-money-on-vehicle-simulater.pdfIn PDF document text
    • http://lillysonthelake.com/images/hack-password-android-roblox.pdfIn PDF document text
    • http://domaizdereva24.ru/images/free-robux-control-center.pdfIn PDF document text
    • http://batutynas.lt/images/free-robux-with-nothing-just-pick-amount-thats-it.pdfIn PDF document text
    • http://teknotools.net/images/how-to-get-robux-easily-for-free.pdfIn PDF document text
    • https://www.audev.com/images/how-to-get-everything-free-in-roblox-on-ipad.pdfIn PDF document text
    • https://gaj.rs/images/hack-para-tener-robux-gratis-en-roblox-2021.pdfIn PDF document text
    • http://www.exikom.com.ua/images/project-evolved-roblox-cheats.pdfIn PDF document text
    • https://vtvvaals.nl/images/roblox-cheats-for-jailbreack.pdfIn PDF document text
    • http://www.gravel.ru/images/free-roblox-hair-for-avatar.pdfIn PDF document text
    • http://ottawavalleykitchens.ca/images/retail-tycoon-roblox-cheat-engine.pdfIn PDF document text
    • http://greasley.online/images/free-dominus-roblox-ipad.pdfIn PDF document text
    • http://greasley.website/images/rs-hack-roblox.pdfIn PDF document text
    • https://www.millatgears.com/images/hack-roblox-command-prompt.pdfIn PDF document text
    • http://wireprod.net/images/cheat-engine-roblox-for-robux.pdfIn PDF document text
    • https://www.coriglianocalabro.it/images/roblox-straight-away-cheats-for-money-on-roblox.pdfIn PDF document text
    +14 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off0000856e.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x856E 24964 bytes
SHA-256: bf90c9bd72f077c7c445312a7bcb5d4672cc1cbb380e902a37a1981c67acfada
font_01_sfnt_off0000bdcb.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xBDCB 3312 bytes
SHA-256: 40bd8eebcb3a0d68a8646f1930e84f30a44bfa48525263c6c528f0bc1e9c1677
font_02_sfnt_off0000c91a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC91A 18256 bytes
SHA-256: 140b4762799f697e3dfd513df6b59e0e3f66ea86e7573fac0675691b54ea47f3