Verdict: MALICIOUS
Risk Score: 72
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The file is a PDF document that contains external links, one of which is explicitly identified as a lure for a 'Roblox Cbro Free Money Hack'. ClamAV also detected this file as 'Pdf.Phishing.Roblox062100-9873116-0', indicating a phishing or malicious intent. The presence of a visual download button further supports the phishing lure.
Machine Learning
- Nyx PDF Classifier clean score 0.1052
Heuristics (4)
- ClamAV: Pdf.Phishing.Roblox062100-9873116-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Roblox062100-9873116-0
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://gaminggenerator.org/app/431946152/roblox-cbro-free-money-hack (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00037518.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x37518 | 25572 bytes | 094c4e20d1372ab1b75e997f76ea8955b10d273e7a097c187db87c02b20dba9c |
| font_01_sfnt_off0003aecb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3AECB | 11440 bytes | 154d59d1680f2d1e38ccb783d6997f344290d121007e51df331726de4128c12e |
| font_02_sfnt_off0003c9ec.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3C9EC | 18256 bytes | 58c860d929996c8aeda2d455e21990940e13c3b7f4eddb863a692bb84ea7f02b |