MALICIOUS
Risk Score: 90
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF document contains lures suggesting a 'how-to-hack' theme, which is a common pretext for social engineering. The presence of a 'Clipboard command execution lure' heuristic indicates the document likely instructs the user to copy and paste content into a command-line interface, such as PowerShell or cmd.exe, to execute malicious commands. Numerous external URLs are embedded, suggesting a potential download or redirection to further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics 5
- Clipboard command execution lure (high, SE_CLIPBOARD_COMMAND_LURE): Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
- Urgency / deadline lure (low, SE_URGENCY_LURE): Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_003_off00008311.bin e131795a35009a1db3a8f1856cfe51b20a4d0d6d48cc938528bad73cd56541ae | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8311 | 27008 bytes |
| font_01_sfnt_off0000bede.bin 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBEDE | 3884 bytes |
| font_02_sfnt_off0000cb85.bin d7d35d16f41197877fd7aa38ac254ed5098e97c852533d21da7bfe999abbcca6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCB85 | 18372 bytes |