Verdict: MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is a PDF document that contains lures suggesting a download is available, specifically for a Roblox cheat. The ClamAV detection and the presence of an external URI pointing to a gaming-related domain strongly indicate a phishing or scam attempt. No scripts were extracted, but the document's structure and embedded URI suggest it's designed to trick users into visiting a malicious site.
Machine Learning
- Nyx PDF Classifier suspicious score 0.2693
Heuristics 5
- ClamAV: Pdf.Phishing.Roblox062100-9873116-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Roblox062100-9873116-0
- Urgency / deadline lure (low, SE_URGENCY_LURE): Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.); useful context, but low-signal without other findings
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://gaminggenerator.org/app/431946152/cheat-prison-break-roblox (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off0003720c.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x3720C | 24100 bytes | b1d00f2d560e7a4e236cc6f6896d3ea98ea45cd5fb2f27d11e51d6d8cf059f16 |
| font_01_sfnt_off0003a8ae.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3A8AE | 18312 bytes | 059699cbd41bf289c15410889d49943e41aa6afb803e1167fdf597e02d0fa322 |