MALICIOUS
102
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document contains numerous embedded links, identified as a link farm, that lead to sites offering free in-game currency or items. The ML classifier strongly indicated maliciousness, and the presence of a download button lure reinforces the deceptive nature of the document. The document's primary function appears to be directing users to potentially malicious external resources.
Machine Learning
- Nyx PDF Classifier malicious score 0.9980
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://netcdn.co/app/431946152/free-100-robux-code-game-hack
- http://opac.salatiga.go.id/slims7//repository/2021-free-spins-coin-master-link_GM406889139.pdf
- http://opac.salatiga.go.id/slims7/repository/how-to-get-free-robux-no-human-verification-2021_GM431946152.pdf
- http://opac.salatiga.go.id/slims7//repository/coin-master-facebook-hack_GM406889139.pdf
- http://opac.salatiga.go.id/slims7/repository/free-roblox-gift-card-codes-20-dollar_GM431946152.pdf
- http://opac.salatiga.go.id/slims7/repository/hacked-roblox-game_GM431946152.pdf
- http://opac.salatiga.go.id/slims7/repository/how-to-get-minecraft-on-chromebook-for-free_GM479516143.pdf
- http://opac.salatiga.go.id/slims7/repository/how-to-get-an-item-in-roblox-for-free_GM431946152.pdf
- http://opac.salatiga.go.id/slims7/repository/free-spins-for-coin-master_GM406889139.pdf
- http://opac.salatiga.go.id/slims7//repository/roblox-free-vip-server_GM431946152.pdf
- http://opac.salatiga.go.id/slims7/repository/free-roblox-glasses_GM431946152.pdf
- http://opac.salatiga.go.id/slims7/repository/free-redeem-pin-code-roblox-2021_GM431946152.pdf
- http://opac.salatiga.go.id/slims7/repository/rewards-roblox_GM431946152.pdf
- http://opac.salatiga.go.id/slims7//repository/coin-master-hacks_GM406889139.pdf
- http://opac.salatiga.go.id/slims7/repository/how-to-hack-coin-master-spin-ios_GM406889139.pdf
- http://opac.salatiga.go.id/slims7/repository/free-robux-lol_GM431946152.pdf
- http://opac.salatiga.go.id/slims7//repository/how-to-get-free-robux-for-free_GM431946152.pdf
- http://opac.salatiga.go.id/slims7//repository/how-to-make-robux-on-roblox_GM431946152.pdf
- http://opac.salatiga.go.id/slims7/repository/pubg-uc-generator-without-verification_GM1330123889.pdf
- http://opac.salatiga.go.id/slims7//repository/daily-free-spin-coin-master-link_GM406889139.pdf
- http://opac.salatiga.go.id/slims7/repository/cara-cheat-roblox-mining-simulator_GM431946152.pdf
- http://en.wikipedia.org/wiki/MIT_License
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00003306.binfc982eb378cffbee1238e6d2546a78df37e800bc95507ef24acec088f9bc9288 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3306 | 22188 bytes |
font_01_sfnt_off00006463.binf78488c28cd477d37367f9fb898055ebd48123716f4ca5e58c607941be1c2eb9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6463 | 19168 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.