Verdict: MALICIOUS
Risk Score: 100
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains embedded URLs and document body text that explicitly mention 'free Robux' and 'hacks', combined with a 'Click here to download' call to action. The PDF_MALICIOUS_REDIRECTOR_LINK heuristic firing confirms that at least one of the embedded URLs points to known malicious infrastructure. This suggests the document is designed as a lure for a scam or to deliver a malicious payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.9814
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00004219.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x4219 | 28052 bytes | 8451498d123adf1fd42b8dc5986045f73bfdb81777933eddb6ba6f06c134f58b |
| font_01_sfnt_off00008212.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8212 | 3884 bytes | 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf |
| font_02_sfnt_off00008eb9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8EB9 | 18900 bytes | 169f107b6832ba9ced5b033ee0163f385c514b520fc299d3599c743a202d0898 |