Malicious PDF — malware analysis report

Heuristics 4

• LOLBin token sequence in document text high SE_LOLBIN_RUN_COMMAND
  Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://gaminggenerator.org/app/431946152/free-roblox-account-over-30-days PDF link annotation

  • http://learningarabic.co.uk/images/how-to-get-200-robux-for-free.pdfIn PDF document text
  • https://www.iadh.bi/images/free-builders-club-accounts-on-roblox.pdfIn PDF document text
  • http://alexandrion.com/images/robux-hack-generator-secret.pdfIn PDF document text
  • http://www.barkas-n-i.gr/images/roblox-blob-simulator-hacks.pdfIn PDF document text
  • https://sitam.co.in/images/roblox-robot-inc-cheat.pdfIn PDF document text
  • https://www.laarsenco.nl/images/roblox-jailbreak-how-to-get-free-lamborgini.pdfIn PDF document text
  • https://www.wildpark-johannismuehle.de/images/third-person-hack-roblox.pdfIn PDF document text
  • https://gomsa.nl/images/real-robux-hack-2021.pdfIn PDF document text
  • http://stackideas.com/images/roblox-dex-explorer-hack.pdfIn PDF document text
  • https://www.ukrtrans.biz/images/roblox-ff-cheat-engine.pdfIn PDF document text
  • http://instrutech.co.th/images/free-robux-generator-2021-robux-hack-no-survey-updated.pdfIn PDF document text
  • https://zabota-kashira.ru/images/free-music-codes-for-roblox.pdfIn PDF document text
  • https://www.najeebqasmi.com/images/booga-booga-roblox-cheat.pdfIn PDF document text
  • http://www.mikramarine.gr/images/roblox-mad-city-hack-money.pdfIn PDF document text
  • http://bb-im2.com/images/how-to-give-urself-items-in-roblox-with-cheat-engine.pdfIn PDF document text
  • http://erntefest2016.de/images/hack-de-juegos-robux.pdfIn PDF document text
  • http://osteonad.com/images/roblox-how-to-change-your-name-for-free-2021.pdfIn PDF document text
  • http://www.agri-tech.com.au/images/how-to-hack-roblox-accounts-2021-using-cmd.pdfIn PDF document text
  • http://bb-im2.com/images/free-robux-t-shirt.pdfIn macro / runtime command snippet
  • http://uctovnictvosnv.sk/images/hackear-roblox-cuenta.pdfIn PDF document text
  • https://www.romedia.gr/images/cheat-big-paintball-roblox.pdfIn macro / runtime command snippet
  • https://reggieslockandkey.com/images/free-credit-card-numbers-for-robux.pdfIn PDF document text
  • http://www.rezbb.sk/images/http-get-free-robux-eu5-net.pdfIn PDF document text
  • http://arcnjournals.org/images/robux-hack-just-username.pdfIn PDF document text
  • http://horsa18.ru/images/backpacking-hack-roblox-v3rmillion.pdfIn PDF document text
  • http://ivpr.net/images/free-robux-2021.pdfIn PDF document text
  • https://cintasoeste.com.ar/images/roblox-neueste-version-free-download.pdfIn PDF document text
  • http://bufbd.org/images/roblox-redeem-card-hack.pdfIn PDF document text
  • http://www.agri-tech.com.au/images/counter-roblox-hacks.pdfIn PDF document text
  • http://kancelaria-legnica.eu/images/how-to-get-free-robux-without-human-verification-or-download.pdfIn PDF document text
  • http://buvis.is/images/roblox-trailer-free.pdfIn PDF document text
  • http://eleveurs-autrement.fr/images/roblox-jailbreak-how-to-get-free-skins.pdfIn PDF document text
  • http://berntfoto.dk/images/roblox-free-catalog-items-blogspot-com.pdfIn PDF document text
  • http://mebliok.com.ua/images/roblox-retail-tycoon-116-ifinite-money-hack.pdfIn PDF document text
  • http://britishcomics.com/images/roblox-natrual-disaster-survival-hacked.pdfIn PDF document text
  • http://agrupamentoescolas-alfredo-da-silva.com/images/free-350-robux.pdfIn PDF document text
  • http://ilcommercialista.info/images/roblox-hack-2021-deutsch.pdfIn PDF document text
  • http://bkd1.balikpapan.go.id/images/free-robux-2021-comxa-dot-com.pdfIn PDF document text
  • http://bibliotheque-perrigny-les-dijon.fr/images/roblox-level-7-script-executor-hack.pdfIn PDF document text
  • http://smoothjazzclub.net/images/mod-hack-roblox.pdfIn PDF document text
  • https://www.osoc.com/images/online-roblox-hack-2021.pdfIn PDF document text
  • http://www.eaapiaria.es/images/how-to-hack-roblox-high-school-2.pdfIn PDF document text
  • http://columbuscigar.com/images/free-robux-without-human-verification-2021.pdfIn PDF document text
  • http://ferienwohnung-walker.de/images/free-4-mobile-24-roblox.pdfIn PDF document text
  • http://businessfit.com/images/roblox-robux-hacks-com-online.pdfIn PDF document text
  • https://www.lavigny.ch/images/keyon-air-hack-is-model-roblox.pdfIn PDF document text
  • https://www.audev.com/images/roblox-hack-toturail.pdfIn PDF document text
  • http://www.prylfabriken.se/images/how-to-hack-into-anybodys-roblox-account-in-5-minutes.pdfIn PDF document text
  • http://escolaarboc.cat/images/hack-roblox-jailbreak-2021-speed.pdfIn PDF document text

  +16 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.