MALICIOUS
82
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains multiple embedded URLs, with a primary focus on luring users to a site offering 'free robux' or similar in-game currency. The heuristic 'SE_PASSWORD_ARCHIVE_LURE' suggests that the document may be intended to trick users into believing they need a password to access an archive, a common tactic to bypass security filters. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.9980
Heuristics 4
-
Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LUREDocument gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://netcdn.tw/app/835599320/tiktok-free-robux-codes-game-hack
- http://library.yamasi.ac.id/repository/pubg-uc-top-up-center_GM1330123889.pdf
- http://library.yamasi.ac.id//repository/coin-master-free-coins-and-spins-hack_GM406889139.pdf
- http://library.yamasi.ac.id/repository/free-tiktok-followers-no-survey_GM835599320.pdf
- http://library.yamasi.ac.id/repository/coin-master-daily-free-spins-and-coins-link_GM406889139.pdf
- http://library.yamasi.ac.id/repository/how-to-get-free-robux-flame-gg_GM431946152.pdf
- http://library.yamasi.ac.id//repository/minecraft-iphone-free_GM479516143.pdf
- http://library.yamasi.ac.id/repository/free-robux-discord-servers_GM431946152.pdf
- http://library.yamasi.ac.id/repository/free-robux-not-a-scam_GM431946152.pdf
- http://library.yamasi.ac.id/repository/hack-5-2021-de-roblox-jailbreak_GM431946152.pdf
- http://library.yamasi.ac.id/repository/robux-free-no-surveys-or-password_GM431946152.pdf
- http://library.yamasi.ac.id//repository/free-roblox-pin-codes_GM431946152.pdf
- http://library.yamasi.ac.id//repository/how-to-get-free-things-on-roblox_GM431946152.pdf
- http://library.yamasi.ac.id//repository/minecraft-building-hacks_GM479516143.pdf
- http://library.yamasi.ac.id/repository/roblox-free-items-2021_GM431946152.pdf
- http://library.yamasi.ac.id//repository/minecraft-mod-menu_GM479516143.pdf
- http://library.yamasi.ac.id/repository/coin-master-hack-download-ios_GM406889139.pdf
- http://library.yamasi.ac.id/repository/free-robux-advertisment-youtuve_GM431946152.pdf
- http://library.yamasi.ac.id/repository/free-card-link-coin-master_GM406889139.pdf
- http://library.yamasi.ac.id/repository/minecraft-free-ios_GM479516143.pdf
- http://library.yamasi.ac.id//repository/pubg-uc-exchange_GM1330123889.pdf
- http://en.wikipedia.org/wiki/MIT_License
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00003119.bin31c01684247ef2f9425dd5dfbd1884888a09ebab0559e01b2b172411a39fdcc1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3119 | 22144 bytes |
font_01_sfnt_off0000620c.bin05050119ef5e291a15488da93c7407b81bd8b5ab9f6ca77c7888ca47432a6d2e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x620C | 18652 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.