Malicious PDF — malware analysis report

Static analysis result for SHA-256 d886f24781027a10…

MALICIOUS

PDF

55.7 KB Created: 2021-04-12 01:29:31 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2026-06-04
MD5: 1a5c6bb660b18d9b93c68b174eba8e73 SHA-1: dc61451bd26be029a5a44bb44f952f5cd165bc96 SHA-256: d886f24781027a103d6bf7fc74c3b424f4ebcffd5cc29b84e2b3f054b49ba988
110 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple heuristics indicating a lure for game hacks and free Robux, specifically pointing to the URL 'https://gaminggenerator.org/app/431946152/games-that-free-robux-game-hack'. The presence of embedded URLs and the ML classifier strongly suggest malicious intent, likely to redirect users to a phishing site or initiate a download. Although no scripts were explicitly extracted, the PDF structure and embedded links are indicative of a social engineering attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 5

  • PDF links to a 'free generator / game hack' redirector critical PDF_GAME_HACK_REDIRECT_LURE
    PDF's clickable action targets a redirector of the form /app/<id>/<slug>-game-hack — the landing-page shape of a large SEO 'free spins / generator / game hack' lure family that funnels victims through rotating disposable hosts to a malware/scam payload. The multi-link variants also trip ML/link-farm rules; this catches the single-link variants that otherwise score clean. CRITICAL on its own: the /app/<id>/<slug>-game-hack path shape is unambiguous scam infra, and the host rotates so a host-list match can't be relied on.
  • Urgency / deadline lure low SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://gaminggenerator.org/app/431946152/games-that-free-robux-game-hack PDF link annotation
    • http://aistplus.ru/images/roblox-free-robux-no-scam.pdfIn PDF document text
    • http://instrutech.co.th/images/free-robux-dec-2021.pdfIn PDF document text
    • https://reggieslockandkey.com/images/free-robux-toy-codes.pdfIn PDF document text
    • https://gestionpatrimonial.net/images/how-to-get-cheats-in-roblox-jailbreak-yt.pdfIn PDF document text
    • https://www.prodex-holz.at/images/roblox-hack-robux-download-2021.pdfIn PDF document text
    • http://dih.gov.al/images/roblox-free-account-biz.pdfIn PDF document text
    • http://bluediffusion.it/images/download-a-free-generator-for-robux-no-website.pdfIn PDF document text
    • http://yowunpiyasa.lk/images/roblox-speed-run-4-cheats.pdfIn PDF document text
    • https://marielyst-grundejerforening.dk/images/boku-no-roblox-hack-quirk-vermillion.pdfIn PDF document text
    • https://stroyzakazremont.ru/images/how-to-hack-on-prison-life-roblox.pdfIn PDF document text
    • http://chartsmart.com.au/images/pastebin-roblox-free-robux.pdfIn PDF document text
    • http://swibome.nl/images/boku-no-roblox-remastered-quirk-hack.pdfIn PDF document text
    • http://bf-sozidanie.ru/images/broly-simulator-cheats-roblox.pdfIn PDF document text
    • https://ghpa.ru/images/is-there-a-free-coding-platform-for-roblox.pdfIn PDF document text
    • http://jdlrelocation.com/images/roblox-beyond-hack.pdfIn PDF document text
    • http://gaec.cl/images/roblox-jailbreak-hacks-download-free.pdfIn PDF document text
    • https://centraltravel.com/images/how-to-hack-roblox-to-get-robux-no-survey.pdfIn PDF document text
    • https://www.cnte.org.br/images/how-to-get-free-stuff-on-roblox-mobile-2021.pdfIn PDF document text
    • http://biotronics.com.cy/images/how-to-execute-hack-scripts-in-roblox.pdfIn PDF document text
    • http://colegioluisamigo.cl/images/hack-tower-battle-roblox.pdfIn PDF document text
    • http://www.conservatoriolecce.it/images/deadly-sins-online-roblox-hacks.pdfIn PDF document text
    • https://shop.bellmann-muenzen.de/images/best-free-streaming-device-for-roblox-and-low-end-pcs.pdfIn PDF document text
    • http://felmerihomes.com.au/images/roblox-robux-cheat-youtbe.pdfIn PDF document text
    • http://inextpresident.com/images/hack-subir-robux.pdfIn PDF document text
    • http://mohacad.com/images/best-drawings-on-roblox-free-draw-2.pdfIn PDF document text
    • https://www.seeingindependence.org/images/roblox-login-play-online-for-free.pdfIn PDF document text
    • http://schlossschaenke-andernach.de/images/free-robux-2021.pdfIn PDF document text
    • http://www.les2alpes-location.com/images/free-robux-no-offer-real.pdfIn PDF document text
    • https://bancroftandsons.com/images/rbc-points-get-free-robux-points.pdfIn PDF document text
    • http://library.umla.ac.id/repository/free-robux-generator-no-scams.pdfIn PDF document text
    • http://projectunionstreet.com/library/repository/roblox-highschool-cheat-codes.pdfIn PDF document text
    • http://blueduna.com/images/how-to-get-free-robux-2021-generator.pdfIn PDF document text
    • https://gigbagwinkel.nl/images/free-robux-hack-no-human-verification-and-no-download.pdfIn PDF document text
    • https://www.sauvonsleclimat.org/images/roblox-script-hack-epic-minigames.pdfIn PDF document text
    • http://the-specials.ch/images/synapse-roblox-download-free-2021.pdfIn PDF document text
    • http://www.metanoiaconsultantsglobal.com/images/games-that-give-u-free-robux.pdfIn PDF document text
    • https://aniruddhasadm.com/images/free-adopt-me-flying-potion-roblox.pdfIn PDF document text
    • http://casabea.de/images/how-to-fix-hacked-roblox-account.pdfIn PDF document text
    • http://farwesterndistrict.org/images/roblox-jailbreak-cheat-engine-hack.pdfIn PDF document text
    • https://roberto-gac.com/images/how-to-make-a-dll-hack-for-roblox.pdfIn PDF document text
    • http://www.marambio.com.ar/images/pin-roblox-card-free.pdfIn PDF document text
    • http://petarda.hu/images/hacker-game-in-roblox.pdfIn PDF document text
    • http://arch-centr.ru/images/hacking-ldshadowladys-roblox-account.pdfIn PDF document text
    • http://daksz.hu/images/all-roblox-bloxburg-hack-2021.pdfIn PDF document text
    • http://e-library.unw.ac.id:1254/repository/roblox-game-tablet-hack.pdfIn PDF document text
    • http://doganov.be/images/how-to-get-free-robux-without-any-verification.pdfIn PDF document text
    • http://lib.pps.uin-suka.ac.id/repository/free-pro-roblox-stuff.pdfIn PDF document text
    • http://killebergsridsport.se/images/roblox-look-girl-free.pdfIn PDF document text
    • http://karldall.dk/images/free-roblox-hacks-no-download.pdfIn PDF document text
    +18 more URL(s)

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off000078e3.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x78E3 27264 bytes
SHA-256: 1fe1d376c9db5ad3eba25cab0fa4f390740bf6be1090b11762cc19a60d6f29f9
stream_004_off0000b65c.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0xB65C 18196 bytes
SHA-256: e5ceb11eb9ab85830e76defde9e5cbdced868d64e9d5f8994b633fe81230ea3a

Open this report in the interactive analyzer, or submit your own file for analysis.