SUSPICIOUS
42
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics 3
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://gaminggenerator.org/app/431946152/how-to-be-a-vip-on-roblox-cheat PDF link annotation
- http://standart-lab.ru/images/script-roblox-hack.pdfIn PDF document text
- http://www.hawler.in/images/cheats-to-get-money-in-roblox-jailbreak.pdfIn PDF document text
- https://www.ncscolour.no/images/how-to-get-free-robux-without-downloading-apps-2021.pdfIn PDF document text
- http://www.pcclawyers.com.au/images/free-robux-accounts-2021.pdfIn PDF document text
- http://www.marambio.com.ar/images/new-hack-for-roblox-deathrun-2021-november-pc.pdfIn PDF document text
- http://www.anies.eu/images/cheat-cash-roblox.pdfIn PDF document text
- https://www.coriglianocalabro.it/images/roblox-a-free-virtual-world.pdfIn PDF document text
- http://aiyta.com/images/how-to-cheat-at-roblox.pdfIn PDF document text
- http://www.rezbb.sk/images/roblox-azure-mines-cheat-scripts.pdfIn PDF document text
- http://www.adravietnam.org/images/best-lvl-7-roblox-hack.pdfIn PDF document text
- http://jakthund.org/images/free-roblox-group-giving-robux.pdfIn PDF document text
- http://piadaandco.it/images/roblox-hacks-fo-building-on-bloxburg-site-youtubecom.pdfIn PDF document text
- https://sitam.co.in/images/how-to-get-free-robux-inspect-element-console.pdfIn PDF document text
- http://riccardodurso.it/images/how-do-people-get-robux-without-hacking.pdfIn PDF document text
- https://www.hbproducts.dk/images/roblox-summer-event-free-robux.pdfIn PDF document text
- http://bibliotheque-perrigny-les-dijon.fr/images/free-robux-hourly-giveaway.pdfIn PDF document text
- https://gomsa.nl/images/roblox-hack-demonstration.pdfIn PDF document text
- https://bapalaye.org/images/free-admin-roblox-mega-vip.pdfIn PDF document text
- http://muko-unterfranken.info/images/free-bighead-roblox.pdfIn PDF document text
- http://posterprintshop.nl/images/cookies-roblox-hack.pdfIn PDF document text
- https://www.dachytarasowe.eu/images/account-stealing-hack-roblox-2021.pdfIn PDF document text
- http://echosvoix.ch/images/robux-gives-roblox-free.pdfIn PDF document text
- http://medicalafrica.net/images/hacks-for-roblox-strucid.pdfIn PDF document text
- http://lichtdrukkerijwijchen.nl/images/get-free-get-lol-roblox-shirt.pdfIn PDF document text
- http://www.hotelcimone.it/images/roblox-murder-mystery-2-candies-hack.pdfIn PDF document text
- https://www.tsdb.com.au/images/roblox-mad-city-money-hack.pdfIn PDF document text
- http://ivalor.fr/images/roblox-fashion-frenzy-free.pdfIn PDF document text
- http://gremihostaleria.cat/images/free-roblox-commercial.pdfIn PDF document text
- http://demenagementlandry.com/images/how-to-get-free-robux-without-hacking-2021.pdfIn PDF document text
- http://www.viniperfetti.com/images/roblox-free-robux-no-fake.pdfIn PDF document text
- https://www.gymun.cz/images/roblox-free-objet.pdfIn PDF document text
- http://www.hawler.in/images/noclip-cheat-engine-roblox.pdfIn PDF document text
- https://www.udivadlahotel.cz/images/pastebin-free-robux-2021.pdfIn PDF document text
- http://www.fluidtech.hu/images/hack-roblox-link-mad-city.pdfIn PDF document text
- http://centuriatus.com/images/noclip-script-roblox-hack.pdfIn PDF document text
- https://gigbagwinkel.nl/images/free-backpack-roblox.pdfIn PDF document text
- http://armatrutz.de/images/how-to-hack-roblox-pet-training.pdfIn PDF document text
- https://www.bmta.co.uk/images/free-roblox-2021-accounts.pdfIn PDF document text
- http://kermas.eu/images/games-that-can-give-you-free-robux.pdfIn PDF document text
- https://hbln.org.au/images/roblox-free-robux-hack-script.pdfIn PDF document text
- http://linde-erbach.de/images/how-do-you-get-followers-on-roblox-hack.pdfIn PDF document text
- http://schrichte.de/images/how-to-get-free-vip-in-roblox-fashion-famous.pdfIn PDF document text
- https://esl.ipb.ac.id/images/how-to-hack-into-my-roblox-account.pdfIn PDF document text
- https://www.fhccu.com/images/free-robux-landon.pdfIn PDF document text
- https://arcasict.nl/images/roblox-robux-hack-no-survey-no-download.pdfIn PDF document text
- http://prohsa.com/images/dead-by-roblox-bloodpoints-hack.pdfIn PDF document text
- https://cdu-lengerich.de/images/how-to-hack-someone-home-in-roblox.pdfIn PDF document text
- https://corbo.ru/images/free-obc-codes-roblox.pdfIn PDF document text
- https://www.cosmosdawn.net/images/free-roblox-birthday-card.pdfIn PDF document text
+11 more URL(s)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off0000813a.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x813A | 27368 bytes |
SHA-256: 245d53e6b277e9925c016ea05551e22cc861dc4b6da6a8929c2d233eeb7ad686 |
|||
font_01_sfnt_off0000c020.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC020 | 3884 bytes |
SHA-256: 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf |
|||
font_02_sfnt_off0000ccc7.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCCC7 | 18116 bytes |
SHA-256: e5beb355ed92b2ebf8730d216d3e258ddf8c13ad7934809611b045def8853fb9 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.