MALICIOUS
Risk Score: 82
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 User Execution: Malicious Link
This PDF document was flagged as malicious by an ML classifier. It uses brand-impersonation credential phishing. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.7795
Heuristics 4
- Brand-impersonation credential phishing lure (high, SE_BRAND_CREDENTIAL_PHISH): Document impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: call-to-action link host does not match the impersonated brand: http://gaminggenerator.org/app/431946152/serveur-discord-hack-roblox-fr.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- http://gaminggenerator.org/app/431946152/serveur-discord-hack-roblox-fr (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00008001.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8001 | 25732 bytes | a10529208a0ac3ab8c51ad85ef469ade47dfb8fc32717187a524112fd02a1140 |
| font_01_sfnt_off0000b9b5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB9B5 | 18624 bytes | 05a790c0d81bfd5ae02163c9a79a2009bd3490aa7dc37a7de2ded98c152c1d43 |