MALICIOUS
82
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains numerous links and a call-to-action phrase, all related to "Roblox hacks" and "generators". The presence of external URIs and a high ML classifier score indicate malicious intent. The document likely serves as a lure to trick users into downloading a second-stage payload from one of the provided URLs.
Machine Learning
- Nyx PDF Classifier malicious score 0.9836
Heuristics 4
-
LOLBin token sequence in document text high SE_LOLBIN_RUN_COMMANDExtracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://netcdn.xyz/app/431946152/hacking-on-mano-county-roblox-game-hack PDF link annotation
- https://lib.stie-yai.ac.id/repository/free-robux-no-human-verification-no-survey-2021.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repository/roblox-free-dominus-hack.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repository/dantdm-get-free-robux.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repository/i-got-hacked-playing-roblox.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repository/how-to-hack-roblox-with-terminal.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repository/free-robux-2021-code-jamais-utiliser.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repository/roblox-hack-noclip-download-pc-2021-13-feb.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repository/cmd-hacks-for-roblox.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repository/free-robux-obby-2021.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repository/roblox-jason-mask-free.pdfIn PDF document text
- https://lib.stie-yai.ac.id/repositoIn macro / runtime command snippet
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000040de.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x40DE | 24892 bytes |
SHA-256: 56fa1b0b789e162bd5031d99b40ec4306c44c120866a8d6f516d138d28a0845f |
|||
font_01_sfnt_off000078a8.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x78A8 | 2844 bytes |
SHA-256: baad2f3f6808f4af03fa9398e38c580c8d846f7f773a947d8cc1f39b2753d31a |
|||
font_02_sfnt_off0000826a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x826A | 19212 bytes |
SHA-256: c13d0aef5372d33c4a8ed146cb74e54fcee9d30f1c658307916f8d59deba178a |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.