SUSPICIOUS
42
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains numerous URLs related to Roblox cheats and hacking, with one prominent URL suggesting a download. The ML classifier also flagged the document as malicious. The presence of a download button heuristic further supports the intent to trick the user into downloading a potentially malicious file.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics 3
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://gaminggenerator.org/app/431946152/discord-king-of-queen-roblox-cheat PDF link annotation
- https://cdu-lengerich.de/images/videos-de-como-ser-hacker-en-roblox-2021.pdfIn PDF document text
- https://hbpbenin.com/images/cheat-engine-hack-roblox-rpg.pdfIn PDF document text
- http://medicalafrica.net/images/roblox-script-changer-hack.pdfIn PDF document text
- http://www.mosaikshop.at/images/comment-hacker-vehicule-simulator-sur-roblox-2021.pdfIn PDF document text
- http://jdlrelocation.com/images/how-to-hack-into-peoples-roblox-accounts.pdfIn PDF document text
- https://jdlgroup.ca/images/codes-for-skyscraper-tycoon-roblox-that-give-free-robux.pdfIn PDF document text
- http://www.prylfabriken.se/images/how-roblox-got-hacked.pdfIn PDF document text
- http://moralcenter.or.th/images/bxworld-free-robux.pdfIn PDF document text
- http://biccairo.com/images/anonymous-hacker-script-roblox.pdfIn PDF document text
- http://aeroclub-kaernten.at/images/free-robux-glitch-xbox-one-2021.pdfIn PDF document text
- https://www.albisser.ch/images/hacker-roblox-bob-esponja.pdfIn PDF document text
- http://lllaw.eu/images/roblox-invisible-hack-2021.pdfIn PDF document text
- http://rainbowbuddha.academy/images/codes-to-hack-roblox.pdfIn PDF document text
- http://nevesomost.by/images/games-for-free-to-play-fortnite-like-roblox.pdfIn PDF document text
- https://www.archimadrid.org/images/infinte-jump-hack-roblox.pdfIn PDF document text
- http://linens.kiev.ua/images/hack-jailbreak-roblox-2021-krankheit.pdfIn PDF document text
- https://www.iadh.bi/images/free-bc-roblox-accounts-2021.pdfIn PDF document text
- http://clubpure.org/images/how-to-get-free-robux-on-your-phone.pdfIn PDF document text
- http://accesslabs.ca/images/games-o-roblox-that-allow-free-song-id.pdfIn PDF document text
- http://www.nicoifruttidelchicco.org/images/how-to-cheat-at-boku-no-roblox-remastered.pdfIn PDF document text
- http://legs11.co.za/images/hacker-face-roblox.pdfIn PDF document text
- http://britishcomics.com/images/doge-roblox-hat-free.pdfIn PDF document text
- http://www.fanciullovito.it/images/roblox-create-an-audio-free.pdfIn PDF document text
- http://gops.pruszczgdanski.pl/images/bee-swarm-hack-roblox.pdfIn PDF document text
- http://bressanassessoria.com.br/images/robux-com-free-robux.pdfIn PDF document text
- http://getthelook-bkk.com/images/how-to-get-roblox-bc-for-free.pdfIn PDF document text
- https://www.manisoft.ir/images/5-morph-to-look-like-a-hacker-in-roblox.pdfIn PDF document text
- http://www.compusiteinc.com/images/free-robux-generator-roblox-no-survey-pc.pdfIn PDF document text
- http://energotestcontrol.ru/images/how-to-hack-teleport-in-roblox.pdfIn PDF document text
- http://paro.net.ua/images/life-in-paradise-roblox-hacks.pdfIn PDF document text
- https://www.ukrtrans.biz/images/roblox-plus-download-free.pdfIn PDF document text
- https://pa-waingapu.go.id/images/how-to-make-hack-models-in-roblox.pdfIn PDF document text
- http://portal.crfsp.org.br/images/how-to-inspect-free-robux.pdfIn PDF document text
- http://cosver.eu/images/hack-initiate-unlimited-free-robux-40m.pdfIn PDF document text
- http://www.inservis.cl/images/roblox-free-downloader-igg.pdfIn PDF document text
- https://www.iadh.bi/images/how-to-get-free-robux-by-calling-roblox.pdfIn PDF document text
- https://www.stoehr-sauer.de/images/hack-off-roblox.pdfIn PDF document text
- http://finalstand.org/images/my-roblox-place-hack-by.pdfIn PDF document text
- http://lv-siegen.de/images/how-to-get-400-robux-on-roblox-for-free.pdfIn PDF document text
- http://cmfd.nl/images/how-get-new-outfit-in-roblox-for-free.pdfIn PDF document text
- http://hindicenter.com/images/how-to-get-halo-for-free-roblox.pdfIn PDF document text
- http://alpen-seeblick.at/images/the-cheat-for-roblox.pdfIn PDF document text
- http://biljartenbarendrecht.nl/images/anti-hacker-roblox.pdfIn PDF document text
- http://ilijakom.com/images/cool-face-roblox-free.pdfIn PDF document text
- http://www.campiresine.it/images/free-robux-without-survey-or-download.pdfIn PDF document text
- http://bkd1.balikpapan.go.id/images/roblox-hack-autohotkey-roblox-piano-player.pdfIn PDF document text
- https://www.romedia.gr/images/how-to-get-free-schrt-in-robux-copyng-it.pdfIn PDF document text
- http://lanoblaie.fr/images/how-to-get-10k-robux-by-redeem-code-free.pdfIn PDF document text
- http://imp.lg.ua/images/free-robux-glitch-december-2021.pdfIn PDF document text
+13 more URL(s)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off000080c8.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x80C8 | 27248 bytes |
SHA-256: 8512a9d18499e90aa5f5ae906227c6df3c52bde88b1108a68457443de7b5e060 |
|||
font_01_sfnt_off0000bdea.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBDEA | 2832 bytes |
SHA-256: 77ae1c4cffa647a8fd533dfa4102e94364989f9e80b9cd131876e9d1005899a2 |
|||
font_02_sfnt_off0000c79a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC79A | 19216 bytes |
SHA-256: bb4511308695687f1265174586f65168953639c5511874cb3e89c5a2d869417c |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.