MALICIOUS
Risk Score: 82
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document contains numerous URLs and lures users with promises of free in-game currency for popular games like Roblox and Coin Master. The presence of a direct download URL and the ML classifier's high confidence score indicate a malicious intent to deliver a payload. The document body and embedded URLs suggest a phishing or scam attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9980
Heuristics 4
- LOLBin token sequence in document text (high, SE_LOLBIN_RUN_COMMAND): Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://netcdn.co/app/431946152/how-to-get-money-in-roblox-for-free-ipad-game-hack
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_002_off00003333.bin e0df38bb3d0555da8eb377134f9381b1bc3424316e4e6329a79db9cae1a020e9 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3333 | 22444 bytes |
| font_01_sfnt_off000064e3.bin 2b31580bc845d22e8b45680391802492394738205bbb5b41518f0ea6d048e1a4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x64E3 | 19644 bytes |