PDF static analysis report

Static analysis result for SHA-256 f5e8a941ef1e54b5…

SUSPICIOUS

PDF

Size: 61.4 KB
Created: 2021-04-05 19:40:08 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2026-06-04
MD5: b92eb626b3cda38fef776418d3289d02
SHA-1: ab7d907f96ff0fbd89fb3543f5ea8abb2c184282
SHA-256: f5e8a941ef1e54b5af993e36dc0700079902328eeac39df79271ae31ce44b611
Risk Score: 42

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF document contains multiple URLs and a call-to-action phrase, strongly suggesting a phishing or scam attempt. The document body, though partially corrupted, mentions 'Free Robux' and includes a URL pointing to a site that likely hosts a malicious payload or scam. The ML classifier also flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://gaminggenerator.org/app/431946152/how-do-i-get-free-robux-without-survey (PDF link annotation)

Extracted artifacts 3

Files carved from inside the sample during analysis.

  • stream_003_off00008210.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x8210
    Size: 27020 bytes
    SHA-256: 8bc2460f207cd1b6a1a6f106eaa14677deb39f8c06c3eed2694a423cf72a2d06
  • font_01_sfnt_off0000bf53.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xBF53
    Size: 3884 bytes
    SHA-256: 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf
  • font_02_sfnt_off0000cbfa.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xCBFA
    Size: 18460 bytes
    SHA-256: 9bc5d87f06ef04575521d29df02afd97b9f42cf2553cce075d5b7aa79475e4dc