SUSPICIOUS
42
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains multiple embedded URLs and a heuristic firing for an external URI, suggesting it is designed to redirect users to malicious websites. The document body's content, focusing on game hacks and cheating, serves as a lure to encourage clicks on these links. The ML classifier's high confidence score further supports the malicious nature of this file.
Machine Learning
- Nyx PDF Classifier malicious score 0.9980
Heuristics 3
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://netcdn.co/app/431946152/can-i-get-banned-from-a-roblox-game-for-cheating-game-hack PDF link annotation
- http://library.yamasi.ac.id//repository/coin-master-free-spin-and-coins-links-2021_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/coin-master-hack-spins-download_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/roblox-tp-hack-ccv7_GM431946152.pdfIn PDF document text
- http://library.yamasi.ac.id//repository/play-coin-master_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/free-op-minecraft-servers_GM479516143.pdfIn PDF document text
- http://library.yamasi.ac.id//repository/robux-website_GM431946152.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/coin-master-twitter-free-spins_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id//repository/free-links-coin-master_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/roblox-hacks-mas-fuertes_GM431946152.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/coin-master-games-hack_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id//repository/como-hackear-coin-master-en-espaol_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id//repository/hacked-roblox-game_GM431946152.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/coin-master-spin-link-today-2021_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/coin-master-100-spin_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/free-clothes-for-roblox-2021-youtube_GM431946152.pdfIn PDF document text
- http://library.yamasi.ac.id//repository/coin-master-free-spins-twitter_GM406889139.pdfIn PDF document text
- http://library.yamasi.ac.id//repository/minecraft-java-edition-free-code_GM479516143.pdfIn PDF document text
- http://library.yamasi.ac.id//repository/how-to-get-free-robux-on-roblox_GM431946152.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/free-roblox-shirt-templates_GM431946152.pdfIn PDF document text
- http://library.yamasi.ac.id/repository/how-to-get-free-stuff-on-roblox-2021-mobile_GM431946152.pdfIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000033d1.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x33D1 | 23328 bytes |
SHA-256: 598b50e5277cc9ff7f34a5b24d28786cc3453370d303c0ef91bbc0109b574318 |
|||
font_01_sfnt_off000067b7.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x67B7 | 19472 bytes |
SHA-256: 408dbd7a6cf19439e272b4f8ba36608832cae2be052d44155706d2a442de087f |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.