SUSPICIOUS
50
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document was flagged as suspicious by an ML classifier. It uses an urgency-based lure. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.7795
Heuristics 4
-
Urgency / deadline lure low SE_URGENCY_LUREDocument contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://gaminggenerator.org/app/431946152/free-roblox-shirts-templates PDF link annotation
- https://www.apartmanychorvatsko24.cz/images/treasure-hunrt-simulator-roblox-hack.pdfIn PDF document text
- http://subarulegacy.com/images/como-hackear-cuentas-de-roblox-facil.pdfIn PDF document text
- https://www.brainpads.com/images/wie-kann-man-ihn-roblox-hacken-um-robaks.pdfIn PDF document text
- http://ff-obertraun.at/images/goose-roblox-hack.pdfIn PDF document text
- http://www.vktzunami.cz/images/roblox-hacker-reporten.pdfIn PDF document text
- http://yogaschooldecypres.be/images/hack-robux-cheat-engine-64.pdfIn PDF document text
- http://salantiskis.lt/images/unlock-my-games-free-robux.pdfIn PDF document text
- http://www.fluidtech.hu/images/free-roblox-accounts-with-robux-no-pin.pdfIn PDF document text
- http://gremihostaleria.cat/images/roblox-cheat-engine-hacks-2021.pdfIn PDF document text
- http://autenticohostalsalou.com/images/free-boat-ride-roblox.pdfIn PDF document text
- http://www.lascalamilanowallcovering.it/images/robux-cheat-websites.pdfIn PDF document text
- http://prohsa.com/images/how-to-hack-roblox-free-robux-no-survey.pdfIn PDF document text
- https://www.saisystem.it/images/roblox-counter-blox-hacks-2021-june-injector.pdfIn PDF document text
- http://www.eaapiaria.es/images/how-to-get-free-shirts-on-roblox.pdfIn PDF document text
- http://cadcam.no/images/roblox-free-robux-generator-no-human-verification-2021.pdfIn PDF document text
- https://verdensbarn.no/images/deadzone-roblox-hack.pdfIn PDF document text
- https://europainstitut.hu/images/roblox-counter-blox-wall-hack.pdfIn PDF document text
- https://www.cnte.org.br/images/roblox-hack-accounts-cheat-engine.pdfIn PDF document text
- http://www.marambio.com.ar/images/how-to-hack-and-know-everyones-pass-in-roblox.pdfIn PDF document text
- http://elllanorestaurants.com/images/roblox-how-to-make-a-cool-avatar-free.pdfIn PDF document text
- https://www.prodex-holz.cz/images/ok-google-how-do-you-get-free-robux.pdfIn PDF document text
- http://www.agri-tech.com.au/images/free-robux-fast-pastebin.pdfIn PDF document text
- http://lechia-sedziszow.pl/images/black-offwhite-free-roblox.pdfIn PDF document text
- http://dermaceutic.co.uk/images/fastbucks-me-free-robux.pdfIn PDF document text
- http://reisebild.eu/images/roblox-800-robux-hack.pdfIn PDF document text
- http://ghegamethu.vn/images/roblox-free-promo-codes-2021.pdfIn PDF document text
- http://aeroclub-kaernten.at/images/roblox-login-free-no-download.pdfIn PDF document text
- https://www.knxuk.org/images/roblox-reaping-simulator-shards-hack.pdfIn PDF document text
- http://cosver.eu/images/hack-facile-robux.pdfIn PDF document text
- https://www.wildpark-johannismuehle.de/images/hacking-simulator-game-roblox.pdfIn PDF document text
- https://meltonschool.org/images/how-to-hack-roblox-admin-commands-script.pdfIn PDF document text
- http://cosver.eu/images/how-to-make-roblox-tool-script-hack.pdfIn PDF document text
- https://www.cpnf.ch/images/roblox-hack-ghost-simulator.pdfIn PDF document text
- http://ferienwohnung-dorsten.com/images/free-robux-and-robux-hack-2021.pdfIn PDF document text
- http://esm-royet.de/images/lemonade-roblox-jailbreak-hack.pdfIn PDF document text
- http://kompanievska-selrada.gov.ua/images/roblox-hack-app-android.pdfIn PDF document text
- https://www.manmed.info:443/images/what-if-roblox-was-not-free.pdfIn PDF document text
- https://www.wildpark-johannismuehle.de/images/roblox-hack-client-2021.pdfIn PDF document text
- http://yochin.org.tw/images/download-roblox-free-on-the-apple-store.pdfIn PDF document text
- http://www.les2alpes-location.com/images/how-to-hack-on-roblox-new-football-legends.pdfIn PDF document text
- http://www.gadanie.lv/images/xydia-roblox-hack.pdfIn PDF document text
- https://smszepce.info/images/create-roblox-faces-free.pdfIn PDF document text
- http://www.sapaengineering.kz/images/cheats-to-speed-city-on-roblox.pdfIn PDF document text
- https://grovehilloutfitters.com/images/774-hack-roblox-2021.pdfIn PDF document text
- http://bullyinformate.org/images/roblox-cheat-engine-how-to-get-robux.pdfIn PDF document text
- http://www.gongoff.com/images/roblox-someone-thinks-im-hacking.pdfIn PDF document text
- http://bwharrisalumniusa.org/images/how-to-use-cheat-engine-without-roblox-shutting-down.pdfIn PDF document text
- http://sbm-nn.ru/images/roblox-salty-kid-thinks-im-hacking.pdfIn PDF document text
- http://lillysonthelake.com/images/hack-de-roblox-booga-booga.pdfIn PDF document text
+21 more URL(s)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off0000847a.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x847A | 25724 bytes |
SHA-256: 259fce899752ea42de7390ca9894c15c64c9426861df282f876ff52e4883da52 |
|||
font_01_sfnt_off0000bddc.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBDDC | 18424 bytes |
SHA-256: d9ae63e269b7e7f8c9b148cc17de1db9a42b0286ce52e8e43c81f1a45c5dab97 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.