MALICIOUS
Risk Score: 72
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file was detected by ClamAV as Pdf.Phishing.Roblox062100-9873116-0, indicating a phishing attempt related to Roblox. The document body and embedded URLs suggest a lure for users interested in hacking Roblox accounts. While no scripts were explicitly extracted, the PDF structure and embedded URIs are indicative of a malicious document designed to redirect users to potentially harmful websites.
Machine Learning
- Nyx PDF Classifier clean score 0.1358
Heuristics 4
- ClamAV: Pdf.Phishing.Roblox062100-9873116-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Roblox062100-9873116-0
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL
- http://gaminggenerator.org/app/431946152/can-someone-hack-my-roblox (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_007_off00039055.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x39055 | 23448 bytes | dfcf1774e6fd3504b03df45a670e30369486250b86e19ce0b3f87f4b9296e021 |
| font_01_sfnt_off0003c553.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3C553 | 18196 bytes | 05af2b3808835192dfcc559b53834fcf1af91489823d3151d487a1527eb23d8d |