MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a lure for free Robux, a common tactic in phishing and scam campaigns. The embedded URL points to a suspicious domain that likely hosts a secondary payload or redirects to a malicious site. The ML classifier also flagged this PDF as malicious with high confidence. Although no scripts were explicitly extracted, the presence of external URIs and the overall context suggest a malicious intent to trick users into downloading or visiting a harmful resource.
Machine Learning
- Nyx PDF Classifier malicious score 0.9865
Heuristics 4
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://netcdn.tw/app/431946152/robux-free-real-2021-game-hack
- http://library.thamrin.ac.id/repository/easy-how-to-get-free-robux_GM431946152.pdf
- http://library.thamrin.ac.id/repository/free-online-games-like-minecraft_GM479516143.pdf
- http://library.thamrin.ac.id/repository/roblox-free-followers_GM431946152.pdf
- http://library.thamrin.ac.id/repository/aimbot-download-roblox_GM431946152.pdf
- http://library.thamrin.ac.id/repository/coin-and-spin-link_GM406889139.pdf
- http://library.thamrin.ac.id/repository/coinmaster-gps-user-review-coinmaster-coin-master-hack-pagedemo-index_GM406889139.pdf
- http://library.thamrin.ac.id/repository/how-to-hack-roblox-accounts-on-phone-2021_GM431946152.pdf
- http://library.thamrin.ac.id/repository/coin-master-free-spins-links-2021_GM406889139.pdf
- http://library.thamrin.ac.id/repository/coin-master-apk-hack-download_GM406889139.pdf
- http://library.thamrin.ac.id/repository/can-you-get-free-robux-on-roblox_GM431946152.pdf
- http://library.thamrin.ac.id/repository/free-mojang-account-with-minecraft_GM479516143.pdf
- http://library.thamrin.ac.id/repository/how-to-get-robux-without-human-verification_GM431946152.pdf
- http://library.thamrin.ac.id/repository/free-robux-script_GM431946152.pdf
- http://library.thamrin.ac.id/repository/roblox-hack-generator_GM431946152.pdf
- http://library.thamrin.ac.id/repository/free-coin-master-spins-blog_GM406889139.pdf
- http://library.thamrin.ac.id/repository/how-to-get-minecraft-for-free-on-tablet_GM479516143.pdf
- http://library.thamrin.ac.id/repository/minecraft-mac-free_GM479516143.pdf
- http://library.thamrin.ac.id/repository/free-play-on-roblox_GM431946152.pdf
- http://library.thamrin.ac.id/repository/minecraft-sign-up-free_GM479516143.pdf
- http://library.thamrin.ac.id/repository/how-to-get-free-spins-on-coin-master_GM406889139.pdf
- http://en.wikipedia.org/wiki/MIT_License
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004cde.bin175e05ab89fe048b21002ea886cb165ba0be38439e1dade21020c708f2c170c9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4CDE | 24304 bytes |
font_01_sfnt_off00008472.bin30206b6abde46d75459a6ebe1e297f8d7d14bb673c6dcd06488e9607375463fd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8472 | 18720 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.