MALICIOUS
82
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains a lure impersonating Facebook, directing users to download Roblox-related content via a malicious URL. The presence of a visual download button and the ML classifier flagging the PDF as malicious strongly suggest a credential phishing or malware distribution attempt. The primary URL identified is http://gaminggenerator.org/app/431946152/descargar-roblox-para-android-hack.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics 4
-
Brand-impersonation credential phishing lure high SE_BRAND_CREDENTIAL_PHISHDocument impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: call-to-action link host does not match the impersonated brand: http://gaminggenerator.org/app/431946152/descargar-roblox-para-android-hack.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://gaminggenerator.org/app/431946152/descargar-roblox-para-android-hack PDF link annotation
- http://kundentest.de/images/what-day-does-john-doe-hack-roblox.pdfIn PDF document text
- http://iacovoulaw.com/images/roblox-yammy-hacking.pdfIn PDF document text
- https://www.babik-po.cz/images/free-robux-no-surveys-or-human-verify.pdfIn PDF document text
- http://www.copoint.co.uk/images/2021-free-robux-windows-81.pdfIn PDF document text
- http://erptrends.com/images/why-there-is-no-roblox-level-7-free.pdfIn PDF document text
- https://www.cnte.org.br/images/roblox-highschool-hack-script.pdfIn PDF document text
- https://www.tartineartisanal.com/images/youtube-how-to-get-free-robux-2021.pdfIn PDF document text
- http://wokbaarlo.nl/images/whow-to-hack-somebody-on-roblox.pdfIn PDF document text
- http://vagency.us/images/free-roblox-tshirts-download.pdfIn PDF document text
- https://bancroftandsons.com/images/roblox-give-tool-hack-pastebin.pdfIn PDF document text
- http://bwharrisalumniusa.org/images/free-expired-items-on-roblox.pdfIn PDF document text
- http://stsbih.com.ba/images/best-free-catalog-items-in-roblox.pdfIn PDF document text
- https://zszolesno.pl/images/roblox-gift-card-codes-hack.pdfIn PDF document text
- http://internetdeputy.com/images/free-uploader-roblox-exploit.pdfIn PDF document text
- https://inspiration-modellbau.de/images/how-to-get-any-item-on-roblox-for-free.pdfIn PDF document text
- https://www.najeebqasmi.com/images/2021-free-robux-202120210-working-legggggit.pdfIn PDF document text
- http://www.occquimica.com.br/images/actually-free-robux-promo-codes-2021.pdfIn PDF document text
- http://selectionspdf.fr/images/how-to-make-a-hacking-script-for-roblox.pdfIn PDF document text
- http://asiasieja.pl/images/roblox-robux-hack-script-jquery.pdfIn PDF document text
- http://micromegamondo.com/images/get-free-robux-on-robloxcom.pdfIn PDF document text
- http://learningarabic.co.uk/images/roblox-free-download-uptodown.pdfIn PDF document text
- http://baofrance.com/images/roblox-vehicle-simulator-cheats-xbox-one.pdfIn PDF document text
- http://www.eurologistiki.gr/images/how-to-redeem-a-free-code-on-roblox.pdfIn PDF document text
- https://lobergetart.se/images/how-to-hack-roblox-with-windows-7.pdfIn PDF document text
- http://engelum.com/images/counter-blox-roblox-offensive-wall-hack.pdfIn PDF document text
- http://verenacrow.at/images/hexaria-roblox-hack.pdfIn PDF document text
- http://torkelson.se/images/blocky-world-free-robux.pdfIn PDF document text
- http://www.drent.se/images/free-shirts-on-roblox-2021.pdfIn PDF document text
- http://portal.crfsp.org.br/images/roblox-medieval-warfare-hack.pdfIn PDF document text
- https://www.wildpark-johannismuehle.de/images/roblox-speed-hack-cheat-engine-vermillion.pdfIn PDF document text
- http://svp-steinmaur.ch/images/free-package-com-roblox.pdfIn PDF document text
- http://energotestcontrol.ru/images/hack-roblox-booga-booga-2021.pdfIn PDF document text
- http://www.thecoffeebaron.co.za/images/roblox-hack-robux-descargar.pdfIn PDF document text
- https://www.tsdb.com.au/images/free-roblox-game-card-codes-2021.pdfIn PDF document text
- http://vipservice-bg.com/images/how-to-free-robux-2021.pdfIn PDF document text
- http://atelierweb.it/images/how-to-get-free-robux-with-pastebin-2021.pdfIn PDF document text
- http://ernstgloves.co.il/images/africa-but-its-copyright-free-roblox-id.pdfIn PDF document text
- http://echosvoix.ch/images/hackear-cuentas-de-roblox.pdfIn PDF document text
- http://www.jureclomas.com.ar/images/how-to-make-roblox-shirts-for-free.pdfIn PDF document text
- https://pa-pangkalpinang.go.id/images/how-to-get-free-clothes-on-roblox-iphone.pdfIn PDF document text
- http://kruiz21.ru/images/comment-telecharger-un-logiciel-de-hack-dur-roblox.pdfIn PDF document text
- http://www.eurologistiki.gr/images/roblox-piano-hack-no-download.pdfIn PDF document text
- http://instrutech.co.th/images/roblox-hack.pdfIn PDF document text
- http://bit-sky.com/images/5-robux-for-free.pdfIn PDF document text
- http://consultinggirona.es/images/how-to-hack-into-roblox-acc.pdfIn PDF document text
- http://svp-steinmaur.ch/images/how-to-get-free-robux-javascript-2021.pdfIn PDF document text
- http://asiashop-france.fr/images/code-how-to-get-50-free-crystals-roblox-miners-haven.pdfIn PDF document text
- http://ericvanpraet.eu/images/cara-cheat-roblox-android.pdfIn PDF document text
- https://semanasantacehegin.com/images/joining-groups-will-be-free-on-roblox.pdfIn PDF document text
+17 more URL(s)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off00008278.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8278 | 25180 bytes |
SHA-256: 2af429ba9e887e6f8e1e5e2fd7b6ce3f9570ed55dadf7ca2cdbdeed56298edf8 |
|||
font_01_sfnt_off0000bb51.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBB51 | 2832 bytes |
SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2 |
|||
font_02_sfnt_off0000c501.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC501 | 18812 bytes |
SHA-256: 4138be9e05aa7075f2c34a9e75f4d57d2878ed6e467c6eeac745e0f0de1da4d5 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.