Verdict: SUSPICIOUS
Risk Score: 42
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains numerous embedded URLs and a heuristic firing for PDF_URI, indicating an attempt to redirect the user to external malicious content. The document body mentions "Roblox Mac Cheat Engine" and the presence of many related URLs suggests a lure for users seeking cheats or hacks, likely leading to malware download. The ML classifier also flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.8119
Heuristics 3
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- http://gaminggenerator.org/app/431946152/roblox-mac-cheat-engine (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000056da.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x56DA | 23908 bytes | c22430bb459fbb4a9a78f7d365c482bec01c3a0dc50c84a897b894502125a4dc |
| font_01_sfnt_off00008d25.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8D25 | 5696 bytes | 450e3ee45915afe13702bf1d587eb8b9ad88a8d2113419ac9f2fd116a828e139 |
| font_02_sfnt_off00009a36.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9A36 | 18264 bytes | 91ea24425a525d53f232d406e911a59c3d385753173a13c7f60140c766287fde |