SUSPICIOUS
Risk Score: 42
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF document contains multiple embedded URLs and a prominent call-to-action related to downloading a 'Roblox Hack'. The ML classifier also flagged the PDF as malicious. While no scripts were directly extracted, the presence of external links suggests an attempt to redirect the user to a malicious site for downloading potentially harmful software.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics (3)
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://gaminggenerator.org/app/431946152/roblox-hack-download-apocalypse-rising (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00008459.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8459 | 25144 bytes | 398b3f717f2935126250e29fa93708d6ba0a2903a046f9ff6a61d565d62a654f |
| font_01_sfnt_off0000bc45.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBC45 | 3884 bytes | 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf |
| font_02_sfnt_off0000c8ec.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC8EC | 19024 bytes | 67404e9d36a5449fb519f7cae859c2ad6a84bdb29b67ce6d72d80d023584f3d5 |