Verdict: SUSPICIOUS
Risk Score: 50
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains multiple embedded URLs and heuristic firings indicating a lure for free Robux, a popular in-game currency. The ML classifier also flagged the PDF as malicious. The presence of urgency and download button lures further supports a phishing or malware distribution attempt. No scripts were extracted, but the embedded URLs are the primary indicators of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics 4
- Urgency / deadline lure (low, SE_URGENCY_LURE): Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.); useful context, but low-signal without other findings
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://gaminggenerator.org/app/431946152/robux-robux-free-roblox (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00008327.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8327 | 26808 bytes | b67180a6418c7fa95d2e26ad8a71b8cd23dc200c1b8d232f1c4b5ac75c50915d |
| font_01_sfnt_off0000bf76.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBF76 | 2832 bytes | 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2 |
| font_02_sfnt_off0000c926.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC926 | 17320 bytes | c72c4d349d8ac6d87878711678c62eb7725b2dc81e9ba7ae45d9deedae009c09 |