Malicious PDF — malware analysis report

Heuristics 5

• Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LURE
  Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
• Clickable URI points to raw IP address medium PDF_URI_IP_LITERAL
  PDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://netcdn.xyz/app/431946152/how-to-get-free-robux-without-paying-game-hack PDF link annotation

  • http://urezerv.com/images/free-robux-without-verification-or-survey_GM431946152.pdfIn PDF document text
  • http://urezerv.com/images/free-premium-roblox_GM431946152.pdfIn PDF document text
  • http://urezerv.com/images/como-hackear-coin-master-2021_GM406889139.pdfIn PDF document text
  • http://urezerv.com/images/coin-master-links-to-free-spins_GM406889139.pdfIn PDF document text
  • http://192.168.0.99/%20%3Cp%3E%3Cp%3EHow%20can%20you%20get%20Robux%20for%20free%20on%20Roblox?%20What%20you%20need%20to%20do%20is%20just%20putting%20your%20username,%20select%20the%20amount%20of%20robux%20you%20prefer%20and%20complete%20human%20verification.%20Finally,%20robux%20that%20you%20generate%20will%20send%20instant%20into%20your%20roblox%20account%20without%20login%20detail%20need.%3Cp%3E%3Cp%3Ehow%20to%20hack%20one%20punch%20man%20roblox.%20how%20to%20get%20hacked%20roblox%20account%20back.%20Click%20on%20the%20below%20button%20to%20get%20free%20Robux%20codes.%20roblox%20hacking%20lessons.%20Report%20Robux%20Hack%20No%20Human%20Verification%20-%20How%20To%20Actually%20Get%20Free%20Robux%20-%20How%20To%20Get%20Free%20Robux%20On%20Android%20Submit%20a%20report%20Let%20us...%3Cp%3E%3Cp%3E%3Cstrong%3EReferences:%3C/strong%3E%3C/p%3E%3Cp%3E%3Ca%20href=In PDF document text
  • http://192.168.0.99/%20%3Cp%3E%3Cp%3EHow%20can%20you%20get%20Robux%20for%20free%20on%20Roblox?%20What%20you%20need%20to%20do%20is%20just%20putting%20your%20username,%20select%20the%20amount%20of%20robux%20you%20prefer%20and%20complete%20human%20verification.%20Finally,%20robux%20that%20you%20generate%20will%20send%20instant%20into%20your%20roblox%20account%20without%20login%20detail%20need.%3Cp%3E%3Cp%3Ehow%20to%20hack%20one%20punch%20man%20roblox.%20how%20to%20get%20hacked%20roblox%20account%20PDF link annotation
  • http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.