MALICIOUS
Risk Score: 122
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The document impersonates PayPal and uses a lure of a "Roblox Tycoon Cash Hack" to entice users to click on malicious links. The presence of a security bypass instruction and the ML classifier flagging the PDF indicate malicious intent. The embedded URLs are likely used to deliver a second-stage payload or facilitate credential phishing.
Machine Learning
- Nyx PDF Classifier malicious score 0.7795
Heuristics 5
- Security software disable instruction (high, SE_SECURITY_BYPASS): Document instructs the user to disable antivirus or security software — unusual for ordinary documents and high-risk in an unsolicited file
- Brand-impersonation credential phishing lure (high, SE_BRAND_CREDENTIAL_PHISH): Document impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: call-to-action link host does not match the impersonated brand: http://gaminggenerator.org/app/431946152/roblox-tycoon-cash-hack.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://gaminggenerator.org/app/431946152/roblox-tycoon-cash-hack (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off000081ad.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x81AD | 25708 bytes | 8dc232cb326734312c7ba92d69c2797c8b05df73717e13660c58a63987acabe1 |
| font_01_sfnt_off0000bc5c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBC5C | 17972 bytes | b8fae7297cb16c82c41f097be1c28f0a9b398685b5de642a2030ded3beafa687 |