MALICIOUS
82
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
T1059.003 Windows Command Shell
The PDF contains multiple embedded URLs and a prominent lure to download a 'Roblox Hack'. The heuristic 'SE_CLIPBOARD_COMMAND_LURE' indicates the document likely instructs the user to paste commands into a shell, suggesting an attempt to execute a second-stage payload. The ML classifier also flagged the PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.7795
Heuristics 4
-
Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LUREDocument tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://gaminggenerator.org/app/431946152/impact-roblox-hack-download PDF link annotation
- http://pa-tanjungselor.go.id/images/earn-free-roblox-gift-cards-legits.pdfIn PDF document text
- https://amatq.ca/images/how-to-earn-a-ton-of-robux-for-free.pdfIn PDF document text
- http://joshherman.com/images/guy-cheats-on-irl-girlfriend-with-roblox-girlfriend.pdfIn PDF document text
- https://www.millatgears.com/images/freerobuxklub.pdfIn PDF document text
- http://immo360grad.com/images/new-free-robux-codes.pdfIn PDF document text
- https://eleganceautospa.ca/images/roblox-magic-simolator-hack-script.pdfIn PDF document text
- https://fkg.usu.ac.id/images/how-to-be-a-hacker-on-roblox-on-ipad.pdfIn PDF document text
- http://domaizdereva24.ru/images/roblox-hack-robux-infinitos.pdfIn PDF document text
- https://sdg-trade.com/images/roblox-rap-battles-hack.pdfIn PDF document text
- http://www.web.stc-part.co.th/images/roblox-name-chace-hack.pdfIn PDF document text
- http://learningarabic.co.uk/images/download-hack-roblox-2021-fr-bee-swarm-simulator.pdfIn PDF document text
- http://www.oberberger.it/images/roblox-car-crushers-2-free.pdfIn PDF document text
- https://enpav.it/images/basic-roblox-hacks.pdfIn PDF document text
- https://www.lomrad.go.th/images/roblox-urbis-level-hack.pdfIn PDF document text
- http://bibliotheque-perrigny-les-dijon.fr/images/free-robux-domino-crown.pdfIn PDF document text
- http://bilhetim.com.br/images/how-to-crack-free-robux-robuxmaniac.pdfIn PDF document text
- https://icefuture.ru/images/money-hack-roblox-jailbreak-2021.pdfIn PDF document text
- http://kaleasm.org/images/how-to-get-god-mode-on-roblox-with-cheat-engine.pdfIn PDF document text
- http://xn-----clcdhzcbmgnochhb1boe1a6b.xn--p1ai/images/como-meterse-hacks-en-roblox.pdfIn PDF document text
- http://ehma.com/images/how-to-free-robux-2021.pdfIn PDF document text
- http://kids-academy.pl/images/free-roblox-gun-gsmes.pdfIn PDF document text
- http://www.mikramarine.gr/images/free-way-to-get-p-in-plaza-game-on-roblox.pdfIn PDF document text
- http://www.gadanie.lv/images/how-to-get-1b-free-robux.pdfIn PDF document text
- http://shiny-nn.ru/images/free-robux-bandit.pdfIn PDF document text
- http://www.mjclautrec.fr/images/roblox-car-tycoon-hacks.pdfIn PDF document text
- http://dialine.cz/images/free-robux-hack-club.pdfIn PDF document text
- http://gbp-trabkiwielkie.pl/images/free-robux-obby-no-password-2021-link.pdfIn PDF document text
- http://bibliotheque-perrigny-les-dijon.fr/images/roblox-account-free-trial.pdfIn PDF document text
- https://studentcareerinfo.com/images/how-to-make-a-shirt-in-roblox-free-2021.pdfIn PDF document text
- http://www.marambio.com.ar/images/roblox-robux-online-hack.pdfIn PDF document text
- https://tokunfome.com.br/images/free-gear-in-roblox-2021.pdfIn PDF document text
- http://indotec.fr/images/simple-game-hack-robux.pdfIn PDF document text
- http://legitame.org/images/free-script-injector-roblox.pdfIn PDF document text
- https://www.stkdb.cz/images/hacks-for-flora-frenzy-roblox.pdfIn PDF document text
- http://ecoleduchat-grenoble.fr/images/pointsprizes-free-robux.pdfIn PDF document text
- http://scuttworksdesigns.us/images/pastebin-roblox-robux-hack-2021.pdfIn PDF document text
- https://meltonschool.org/images/how-to-be-a-vip-on-roblox-cheat.pdfIn PDF document text
- https://amatq.ca/images/how-to-hack-in-the-void-booga-booga-roblox.pdfIn PDF document text
- http://babyxpress.de/images/giving-away-free-robux-cards-live.pdfIn PDF document text
- http://huananhai.net/images/free-compagnon-roblox-generator-no-human-verification.pdfIn PDF document text
- http://abqwinair.com/images/como-hackear-roblox-robux-gratis-2021.pdfIn PDF document text
- http://www.fanciullovito.it/images/roblox-mining-sim-hack-pastebni-december-2021.pdfIn PDF document text
- http://www.mjclautrec.fr/images/get-free-roblox-visits.pdfIn PDF document text
- http://mittlenberg.ch/images/hacking-roblox-with-code-noclip.pdfIn PDF document text
- http://www.sanjosedeminas.gob.ec/images/how-to-get-free-robux-no-inspect.pdfIn PDF document text
- http://www.guidaturisticaverona.it/images/cartonn-animation-roblox-free.pdfIn PDF document text
- http://pa-tanjungselor.go.id/images/hack-roblox-admin-commands.pdfIn PDF document text
- https://www.wildpark-johannismuehle.de/images/roblox-free-robux-ads.pdfIn PDF document text
- http://www.pcclawyers.com.au/images/roblox-free-robux-working-2021.pdfIn PDF document text
+10 more URL(s)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off00007e67.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x7E67 | 25864 bytes |
SHA-256: d9b1feb6813e01f4fcf62be6c080ffe8a0415dc18dd980a8dfd0506da3f107be |
|||
font_01_sfnt_off0000b9e3.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB9E3 | 18476 bytes |
SHA-256: 5e391e2f87671750cb9d75671d7b0bd8a96ac16994ab2e66889a4687403ed269 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.