SUSPICIOUS
Risk Score: 42
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains numerous URLs, many of which are related to 'Roblox hacks' or 'free Robux', suggesting a social engineering lure. The presence of an external URI heuristic firing on 'http://gaminggenerator.org/app/431946152/hack-inventary-roblox' further supports this. While no scripts were explicitly extracted, the ML classifier flagged the PDF as malicious, indicating a high likelihood of malicious intent, likely to trick users into downloading a secondary payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics 3
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: http://gaminggenerator.org/app/431946152/hack-inventary-roblox (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00008004.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8004 | 26120 bytes | a40ff97bdf2e63fb71cd5dc5e2404b9f3b0d89b5457f1099d79fdbeac21cd657 |
| font_01_sfnt_off0000bb74.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBB74 | 2832 bytes | 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2 |
| font_02_sfnt_off0000c524.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC524 | 18116 bytes | 0c5e5b5dd2829db37517afaf07a40d5f81d44b8693a503352717d6b51017f797 |