MALICIOUS
Risk Score: 82
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains embedded URLs and text that strongly suggest a social engineering lure for free Roblox items. The heuristic 'SE_LOLBIN_RUN_COMMAND' indicates the presence of command execution indicators within the document text, likely related to downloading or executing further content. While no scripts were explicitly extracted, the overall pattern points to a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.7876
Heuristics 4
- LOLBin token sequence in document text (high, SE_LOLBIN_RUN_COMMAND): Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or, in macro-laden Office files, the macro's own string-pool entries appearing adjacent in extracted text.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00008605.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8605 | 27508 bytes | 7d90dba711c0dab559d44b884f672d517e0126a4bc6235d60f64e77aa3e106fb |
| font_01_sfnt_off0000c379.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC379 | 18952 bytes | 271db87baaabc1caa41a1101fb74d894d46fb79a004e1c5c404dd2b327636dbf |