Verdict: SUSPICIOUS
Risk Score: 42
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains a clear call-to-action to download a "Hack Roblox Lumber Tycoon 2" from a provided URL. While no scripts were directly extracted, the presence of numerous embedded URLs and a high ML classifier score suggest malicious intent, likely leading to the download of a secondary payload. The document's content and structure are consistent with a phishing or malware distribution lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.5391
Heuristics 3
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://gaminggenerator.org/app/431946152/download-hack-roblox-lumber-tycoon-2 (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off0000821a.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x821A | 25616 bytes | 0b1b24c48ee21c96b524d9a79e94f2ddf80482acc63b49babb31f0e6d7ea4d5b |
| font_01_sfnt_off0000bbc9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBBC9 | 2832 bytes | 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2 |
| font_02_sfnt_off0000c579.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC579 | 18928 bytes | ede96f4893a15112829597013196fc75871b4f6d86a3d9f47b3b247e21ad5286 |