SUSPICIOUS
42
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document was flagged as suspicious by an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.7795
Heuristics 3
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://gaminggenerator.org/app/431946152/geld-cheat-roblox PDF link annotation
- http://citycare.pt/images/roblox-meepcity-hacked.pdfIn PDF document text
- http://www.nielsen2u.dk/images/roblox-hack-999999-robux-2021.pdfIn PDF document text
- http://zarinnameh.ir/images/free-robux-group-join.pdfIn PDF document text
- https://photographygroupofbunbury.com/images/roblox-clone-tycoon-2-codes-hack-exploit.pdfIn PDF document text
- http://bkd1.balikpapan.go.id/images/free-trading-roblox.pdfIn PDF document text
- http://aistplus.ru/images/cheat-engine-with-roblox.pdfIn PDF document text
- https://estalagemmonteverde.com.br/images/horizon-money-hack-may-2021-roblox.pdfIn PDF document text
- https://aniruddhasadm.com/images/free-adopt-me-flying-potion-roblox.pdfIn PDF document text
- https://www.seeingindependence.org/images/how-to-put-in-hacking-scripts-roblox.pdfIn PDF document text
- https://hassel-event.de/images/how-to-roblox-noclip-hack-2021.pdfIn PDF document text
- https://www.beaufortcollege.ie/images/free-roblox-codd.pdfIn PDF document text
- http://teksomak.com/images/robux-hack-descagar.pdfIn PDF document text
- https://billiekawende.com/images/roblox-zombie-rush-free-online.pdfIn PDF document text
- http://lv-siegen.de/images/free-redeem-code-roblox-2021.pdfIn PDF document text
- http://www.sanjosedeminas.gob.ec/images/larva-hack-roblox.pdfIn PDF document text
- http://prohsa.com/images/how-to-hack-roblox-free-robux-no-survey.pdfIn PDF document text
- http://kermas.eu/images/games-that-can-give-you-free-robux.pdfIn PDF document text
- http://nosocomium.rv.ua/images/reddit-free-robux.pdfIn PDF document text
- http://www.mikramarine.gr/images/codes-for-free-robux-2021-that-nowon-use.pdfIn PDF document text
- http://schottlandfieber.de/images/www-surveytool-com-free-robux.pdfIn PDF document text
- https://www.cpnf.ch/images/how-to-hack-your-friends-roblox-account-2021.pdfIn PDF document text
- http://www.bripi.pl/images/how-to-get-free-robux-on-roblox-studio.pdfIn PDF document text
- http://echosvoix.ch/images/robuxian-hack-to-steal-robux.pdfIn PDF document text
- http://famoirs.co.uk/images/roblox-videos-of-how-to-make-free-robux.pdfIn PDF document text
- http://fairwaygolftravel.co.uk/images/wear-trash-gang-merch-on-roblox-for-free.pdfIn PDF document text
- https://beejekorf.nl/images/free-roblox-sqript-injecter.pdfIn PDF document text
- http://truebibleteaching.com/images/dll-hack-for-roblox-assasin.pdfIn PDF document text
- https://www.linzgau-kjh.de/images/hacks-for-roblox-lumber-tycoon.pdfIn PDF document text
- http://babbibooth.com/images/free-copy-hack-roblox.pdfIn PDF document text
- http://rumler.pl/images/sword-fighting-hack-roblox.pdfIn PDF document text
- http://www.e-lysis.com/images/how-to-wall-hack-in-jailbreak-roblox.pdfIn PDF document text
- http://subarulegacy.com/images/how-to-deal-with-hacker-in-roblox.pdfIn PDF document text
- http://www.rezbb.sk/images/how-to-hack-strucid-roblox.pdfIn PDF document text
- http://legs11.co.za/images/roblox-free-backpack.pdfIn PDF document text
- http://reisebild.eu/images/how-to-get-free-faces-on-roblox-easy.pdfIn PDF document text
- https://beejekorf.nl/images/bloxburg-free-robux.pdfIn PDF document text
- http://nosocomium.rv.ua/images/free-robux-with-fake-account.pdfIn PDF document text
- http://poltekkeskhjogja.ac.id/images/free-roblox-clothes-and-hair.pdfIn PDF document text
- http://cadcam.no/images/free-roblox-2021-agreeing.pdfIn PDF document text
- http://dialine.cz/images/free-flow-roblox.pdfIn PDF document text
- http://garrisonjazz.com/images/free-roblox-gift-cards-discord.pdfIn PDF document text
- http://www.torvet11.dk/images/free-robux-no-generator-no-survey.pdfIn PDF document text
- http://nosocomium.rv.ua/images/eazy-was-how-to-hack-into-a-roblox-account.pdfIn PDF document text
- http://www.imperialaccountingfl.com/images/fly-hack-roblox-no-virus.pdfIn PDF document text
- http://dottgagliardi.com/images/how-to-get-robux-for-free-2021-pc.pdfIn PDF document text
- http://julo-it.net/images/roblox-free-robux-plugin.pdfIn PDF document text
- http://www.lionel-seppoloni.fr/images/cheat-argent-sur-roblox-vehicle-simulator.pdfIn PDF document text
- http://a1scan3d.com/images/400-million-robux-free.pdfIn PDF document text
- http://www.rezbb.sk/images/roblox-prison-life-before-it-was-hacked.pdfIn PDF document text
+18 more URL(s)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off00008187.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8187 | 30960 bytes |
SHA-256: f36cbf657aefe88e52e430145d493539746da3e53ea17490dd76109cf9db0d92 |
|||
font_01_sfnt_off0000c567.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC567 | 17532 bytes |
SHA-256: 40b6cc4580651b16dd21627d2c56a2284c97933ea522d12a81a1be554eab85d3 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.