SUSPICIOUS
Risk Score: 42
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics (3)
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: http://gaminggenerator.org/app/431946152/free-roblox-hack (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00007fe4.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x7FE4 | 27532 bytes | 0a20e5f22c84d0c048f1f17fc18e47cadf5280d59430582ecf932ab65af61c28 |
| font_01_sfnt_off0000bd7c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBD7C | 2832 bytes | 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2 |
| font_02_sfnt_off0000c72c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC72C | 17716 bytes | 8f90a95de63d54149f71194fbc5b7c7c7d1dc4c74f4e5818b812394ed5381014 |