SUSPICIOUS
Risk Score: 50
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document was flagged as suspicious by an ML classifier. It uses an urgency-based lure. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics 4
- Urgency / deadline lure (low, SE_URGENCY_LURE): Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.); useful context, but low-signal without other findings.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL http://gaminggenerator.org/app/431946152/roblox-free-download-ios (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off000080bd.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x80BD | 26604 bytes | eba3ff99abb0723ace842659d8bfea7cb14556e95c40cd0f4f7c9c41640fe95e |
| font_01_sfnt_off0000bc7a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBC7A | 3312 bytes | 40bd8eebcb3a0d68a8646f1930e84f30a44bfa48525263c6c528f0bc1e9c1677 |
| font_02_sfnt_off0000c7c9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC7C9 | 18268 bytes | 3f3e69b7bcebc9a3438896cb88669e40ccce11f548f4436b21e9e26a06df04b1 |