SUSPICIOUS
42
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF document contains a lure for a fake download, indicated by the 'SE_DOWNLOAD_BUTTON' heuristic and the document body text. It also includes an external URI pointing to a suspicious URL, which is likely intended to deliver a second-stage payload. The ML classifier also flagged the PDF as malicious, increasing confidence in its malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9492
Heuristics 3
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://netcdn.xyz/app/479516143/how-to-make-a-minecraft-server-for-free-game-hack PDF link annotation
- http://whiteyaknepal.com/userfiles/files/how-to-get-free-hair-in-roblox_GM431946152.pdfIn PDF document text
- http://whiteyaknepal.com/userfiles/files/free-robux-generator-for-roblox-2021_GM431946152.pdfIn PDF document text
- http://whiteyaknepal.com/userfiles/files/free-robux-android_GM431946152.pdfIn PDF document text
- http://whiteyaknepal.com/userfiles/files/robux-websites-2021_GM431946152.pdfIn PDF document text
- http://whiteyaknepal.com/userfiles/files/freespinandcoin_GM406889139.pdfIn PDF document text
- https://code.giftcards.comIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000034b4.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x34B4 | 24520 bytes |
SHA-256: 338dc522170b14ec9ec814f8d8125cd6d71fd5f17e2aa913202e7d3aecf9f8b8 |
|||
font_01_sfnt_off00006bbd.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BBD | 18156 bytes |
SHA-256: 7ebd6cc6f7d73451d43dfe99dc02d56d86c4e3c51693199467050b16fbe82799 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.