PDF malware analysis — malicious · 5d093cb875e9fd31

MALICIOUS

PDF

2.5 KB Created: 2021-05-13 16:00:28 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-09-29

MD5: 0205ee2b8039f4a405e536162a1ef14a SHA-1: 5b19e0f10c67b3f3ff69eaf6f14d4d9af6a9eb92 SHA-256: 5d093cb875e9fd31638e1008f5a48652e77e548daafff2d14c4c2fa258bf8445

74 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The PDF file contains a link disguised as a 'free generator / game hack' for Roblox, a common lure for phishing or malware distribution. The ML classifier strongly indicated maliciousness. No scripts were extracted, but the embedded URL is the primary indicator of malicious intent, likely leading to a credential harvesting page or a malware download.

Machine Learning

Nyx PDF Classifier malicious score 0.9740

Heuristics 3

PDF links to a 'free generator / game hack' redirector high PDF_GAME_HACK_REDIRECT_LURE

PDF's clickable action targets a redirector of the form /app/<id>/<slug>-game-hack — the landing-page shape of a large SEO 'free spins / generator / game hack' lure family that funnels victims through rotating disposable hosts to a malware/scam payload. The multi-link variants also trip ML/link-farm rules; this catches the single-link variants that otherwise score clean.
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://netcdn.xyz/app/431946152/password-free-roblox-accounts-game-hack PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.