Verdict: MALICIOUS
Risk Score: 82
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
This PDF document contains a lure for a fake Roblox hack, impersonating Facebook to trick users into clicking a malicious link. The ML classifier also flagged this PDF as malicious. The embedded URL, https://gaminggenerator.org/app/431946152/roblox-hack-999.999-robux-pc-en-espaol-game-hack, is the primary indicator of this phishing attempt. No scripts were extracted, but the document structure and heuristics strongly suggest a credential phishing attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.8290
Heuristics 4
- Brand-impersonation credential phishing lure (high, SE_BRAND_CREDENTIAL_PHISH): Document impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: call-to-action link host does not match the impersonated brand: https://gaminggenerator.org/app/431946152/roblox-hack-999.999-robux-pc-en-espaol-game-hack.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). Low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://gaminggenerator.org/app/431946152/roblox-hack-999.999-robux-pc-en-espaol-game-hack (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00005ec5.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5EC5 | 27048 bytes | 025b7a8c31835a8df348d45c78dd9a898e415530194611c4f99555e31ccc6d2b |
| font_01_sfnt_off00009cf2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9CF2 | 2844 bytes | baad2f3f6808f4af03fa9398e38c580c8d846f7f773a947d8cc1f39b2753d31a |
| font_02_sfnt_off0000a6b3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA6B3 | 18324 bytes | 07f643e1990c8a2784bbed7dbb10aca85eeb6387448326f570ac66e8a585a147 |