SUSPICIOUS
42
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The document contains multiple URLs related to Roblox hacks and free currency, with one prominent URL identified as a potential download source. The ML classifier strongly flagged this PDF as malicious, and the presence of embedded URLs and a call-to-action button suggests a phishing or malware distribution attempt. No scripts were extracted, but the overall context points to a social engineering lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9941
Heuristics 3
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://netcdn.xyz/app/431946152/free-robux-and-v-bucks-game-hack PDF link annotation
- https://lib-stie.yai.ac.id/repository/roblox-free-limited-faces.pdfIn PDF document text
- https://lib-stie.yai.ac.id/repository/how-to-hack-roblox-2021-easy.pdfIn PDF document text
- https://lib-stie.yai.ac.id/repository/infini-speed-roblox-cheat.pdfIn PDF document text
- https://lib-stie.yai.ac.id/repository/best-and-easiest-roblox-hack-for-robux.pdfIn PDF document text
- https://lib-stie.yai.ac.id/repository/free-robux-generator-kid-friendly.pdfIn PDF document text
- https://lib-stie.yai.ac.id/repository/cheat-robux-cheat-engine.pdfIn PDF document text
- https://lib-stie.yai.ac.id/repository/how-to-get-free-robux-jefftec.pdfIn PDF document text
- https://lib-stie.yai.ac.id/repository/descargar-roblox-hackeado-con-robux.pdfIn PDF document text
- https://lib-stie.yai.ac.id/repository/roblox-backdoor-gamez-to-hack.pdfIn PDF document text
- https://lib-stie.yai.ac.id/repository/free-promotional-codes-roblox.pdfIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off00003f57.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3F57 | 25680 bytes |
SHA-256: 564161e39ee4e3d7c911f6d25c79222952803269a5256f4584f30d6df9eb9ded |
|||
font_01_sfnt_off000078da.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x78DA | 18492 bytes |
SHA-256: 341237ee0cf3f94e346ddfd4ff78ffffcb4398da41f3e02ff00d295f553e4aa5 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.