MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains embedded URLs and a document body that lures users with promises of free in-game items, indicative of a phishing or scam attempt. The ML classifier strongly flagged this PDF as malicious, and the presence of external URIs suggests a download or redirection to a malicious site. No scripts were extracted, but the overall pattern points to a malicious document designed to trick users into downloading further malware or visiting fraudulent sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9971
Heuristics 4
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://netcdn.co/app/431946152/how-to-gewt-free-robux-on-a-ipad-game-hack
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_003_off00004982.bin ddcc4fda3a16e3c1002b6142cd4672e80ef8baf64a27d5940b1580d1be00e5c8 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x4982 | 24908 bytes |
| font_01_sfnt_off00008308.bin eac0c6581a92df4f113d01b74fcb0d56430758c9d4dd1a9aa8c8cd0af780e56f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8308 | 18860 bytes |