MALICIOUS
142
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains numerous links to external websites, many of which are structured as SEO-optimized links for game hacks and cheats. The document body and heuristics indicate a clear intent to trick users into downloading files from these URLs, likely serving as a lure for malware distribution. The ML classifier strongly supports the malicious nature of this PDF.
Machine Learning
- Nyx PDF Classifier malicious score 0.9980
Heuristics 5
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
LOLBin token sequence in document text high SE_LOLBIN_RUN_COMMANDExtracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://netcdn.co/app/431946152/roblox-hack-november-2021-game-hack
- http://mbbs.hr/files/blackout-hack-roblox-download_GM431946152.pdf
- http://mbbs.hr/files/how-to-get-minecraft-windows-10-for-free-2021_GM479516143.pdf
- http://mbbs.hr/files/does-coin-master-hack-work_GM406889139.pdf
- https://mbbs.hr/files/get-free-robux_GM431946152.pdf
- https://mbbs.hr/files/hack-coin-master-using-cheat-engine_GM406889139.pdf
- http://mbbs.hr/files/gameoffice-net-hack-coin-master_GM406889139.pdf
- http://mbbs.hr/files/how-to-get-free-skins-on-coin-master_GM406889139.pdf
- https://mbbs.hr/files/free-minecraft-capes-no-mods_GM479516143.pdf
- https://mbbs.hr/files/pokemon-go-free-promo-codes-2021_GM1094591345.pdf
- http://mbbs.hr/files/hack-coin-master-ios-download_GM406889139.pdf
- https://mbbs.hr/files/coin-master-free-spins-2021-generator_GM406889139.pdf
- http://mbbs.hr/files/free-spins-coin-master-twitter_GM406889139.pdf
- https://mbbs.hr/files/unlimited-robux_GM431946152.pdf
- http://mbbs.hr/files/orewards-com-free-robux_GM431946152.pdf
- https://mbbs.hr/files/pubg-uc-esp-hack_GM1330123889.pdf
- https://mbbs.hr/files/roblox-sad-cheating-story-albert-he-cried-on-video-new_GM431946152.pdf
- https://mbbs.hr/files/coin-master-tiradas-gratis-2021_GM406889139.pdf
- http://mbbs.hr/files/how-to-hack-roblox-using-cmd_GM431946152.pdf
- https://mbbs.hr/files/how-to-hack-a-minecraft-account_GM479516143.pdf
- http://mbbs.hr/files/do-you-gey-free-robux-with-builders-club_GM431946152.pdf
- https://mbbs.hr/files/how-to-hack-a-mine
- http://en.wikipedia.org/wiki/MIT_License
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00002fb9.binfbd31d9c1d7748a80231dc50cf77902be8154682ae3516516f16469f43408199 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2FB9 | 22972 bytes |
font_01_sfnt_off00006385.bin92516b38c5b64fe0dd9752c0dfc392bc9049ae26f56d5217ee6d2ce2c3824a18 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6385 | 19432 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.