SUSPICIOUS
54
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains embedded URLs and a document body that references 'Roblox Hacking Community' and 'game hack', suggesting a lure for users interested in such topics. The ML classifier strongly flagged this PDF as malicious. The presence of external URIs and an IP literal URI indicates an attempt to redirect the user to malicious content, likely for phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 3
-
Clickable URI points to raw IP address medium PDF_URI_IP_LITERALPDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://netcdn.tw/app/431946152/discord-server-roblox-hacking-community-game-hack PDF link annotation
- http://103.30.145.97/__statics/gudangsoal/files/roblox-place-rewards_GM431946152.pdfPDF link annotation
- http://103.30.145.97/__statics/gudangsoal/files/free-robux-codes-2021_GM431946152.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/coin-master-free-spins-ios-2021_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/daily-coin-master-free-spin-link_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/how-to-get-minecraft-coins-for-free_GM479516143.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/http-appsmob-info-coin-master-hack_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/free-roblox-accounts-that-work_GM431946152.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/free-coin-master-spins-link-facebook_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/coin-master-hoe-to-get-extra-free-spins_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/free-coin-master-links_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/free-games-like-coin-master_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/is-minecraft-free-on-computer_GM479516143.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/minecraft-free-download-mac_GM479516143.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/minecraft-free-version-pc_GM479516143.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/coin-master-free-spins-hack-iphone_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/coin-master-attack-hack_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/coin-master-hack-free-spins_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/coin-master-free-account_GM406889139.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/robux-free-c_GM431946152.pdfIn PDF document text
- http://103.30.145.97/__statics/gudangsoal/files/free-robux-clothes_GM431946152.pdfIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_004_off000055d9.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x55D9 | 28108 bytes |
SHA-256: 47ef0cf969441c7f5369d1b4db099f9786f68b35c3ef563b60f6555b23027a22 |
|||
font_01_sfnt_off000097f9.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x97F9 | 7420 bytes |
SHA-256: 0b188308ab0e7ffce9913d63d697a586f2937cafc51a771db38e3a566cd37e24 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.