SUSPICIOUS
42
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains a lure related to Roblox game exploits and includes an external URI pointing to a suspicious domain. While no scripts were directly extracted, the presence of an embedded URI and the ML classifier's flagging suggest a malicious intent to redirect the user to a potentially harmful website. The document body, though heavily obfuscated, contains references to the external URI.
Machine Learning
- Nyx PDF Classifier malicious score 0.7795
Heuristics 3
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://gaminggenerator.org/app/431946152/can-someone-hack-you-if-you-report-on-roblox PDF link annotation
- http://www.vktzunami.cz/images/what-games-on-roblox-give-you-free-things.pdfIn PDF document text
- https://www.elevage-chiot.fr/images/legit-films-free-robux.pdfIn PDF document text
- https://www.psychotherapie-naturheilpraxis.de/images/roblox-swordburst-2-cheat.pdfIn PDF document text
- http://gods-own.org/images/how-can-i-get-a-roblox-hack-gui-to-work.pdfIn PDF document text
- https://amatq.ca/images/new-cheat-in-roblox-2021.pdfIn PDF document text
- http://southernhills-golf.com/images/hack-midoriya-full-cowl-roblox.pdfIn PDF document text
- http://lakeshistory.com/images/roblox-best-free-exploit-march-2021.pdfIn PDF document text
- http://hemmet-strand.dk/images/free-gift-in-big-paintball-roblox.pdfIn PDF document text
- http://ims-77.fr/images/roblox-hacks-download-ofr-pc.pdfIn PDF document text
- http://www.eurosan1.ba/images/get-free-roblox-robux-generator.pdfIn PDF document text
- http://safetin.ru/images/egg-finder-hacks-for-roblox-dragon-adventures.pdfIn PDF document text
- http://svp-steinmaur.ch/images/are-roblox-hacks-real.pdfIn PDF document text
- http://darruzzo.com/images/how-to-earn-free-robux-without-downloading-apps.pdfIn PDF document text
- http://www.ntc.edu.za/images/cheat-engine-work-on-roblox.pdfIn PDF document text
- http://only1you.ru/images/como-hackear-cuentas-de-roblox-2021.pdfIn PDF document text
- http://jackson-pr.com/images/can-your-roblox-account-get-hacked.pdfIn PDF document text
- http://www.anies.eu/images/how-to-hack-someones-roblox-account-with-link.pdfIn PDF document text
- http://kids-academy.pl/images/comandos-para-free-admin-roblox.pdfIn PDF document text
- http://ims-77.fr/images/roblox-mobile-cheats.pdfIn PDF document text
- https://amatq.ca/images/script-how-to-get-free-robux.pdfIn PDF document text
- http://www.kalaaliaraq.dk/images/how-to-spped-hack-on-roblox-jailbreak.pdfIn PDF document text
- http://www.tamogatoweb.hu/images/hack-how-to-get-free-robux.pdfIn PDF document text
- http://www.marambio.com.ar/images/roblox-hack-admin-script-2021.pdfIn PDF document text
- http://awakeningtruth.org/images/roblox-flight-hack-download.pdfIn PDF document text
- http://www.fanciullovito.it/images/best-free-exploits-for-roblox.pdfIn PDF document text
- http://www.boic.nl/images/roblox-frappe-hacks.pdfIn PDF document text
- http://batutynas.lt/images/free-bot-followers-roblox.pdfIn PDF document text
- http://www.cosver.nl/images/robux-hack-validation-code.pdfIn PDF document text
- http://pa-tanjungselor.go.id/images/free-roblox-accounts-2021-october.pdfIn PDF document text
- http://engelum.com/images/roblox-hack-free-robux-and-tix-no-survey.pdfIn PDF document text
- https://letturatarghe.it/images/artmoney-roblox-money-hack.pdfIn PDF document text
- http://uctovnictvosnv.sk/images/admin-commands-roblox-free-robux.pdfIn PDF document text
- http://www.mosaikshop.at/images/robloxpromocode-free-robux.pdfIn PDF document text
- http://jwcrownlimo.net/images/free-roblox-cardseasy.pdfIn PDF document text
- http://eventgo.fr/images/roblox-free-modles.pdfIn PDF document text
- https://corbo.ru/images/free-10-dollar-roblox-gift-card.pdfIn PDF document text
- https://septik-montag.ru/images/landonrb-free-robux.pdfIn PDF document text
- http://keepcasscountybeautiful.com/images/how-to-get-free-roblox-tix-hack.pdfIn PDF document text
- https://accord.kiev.ua/images/jailbreak-hack-roblox-script.pdfIn PDF document text
- http://petarda.hu/images/free-hack-in-roblox-jailbreak.pdfIn PDF document text
- https://pneukalousek.cz/images/how-do-i-hack-roblox-accounts.pdfIn PDF document text
- http://pandaplast.com/images/easy-hacks-to-get-free-robux.pdfIn PDF document text
- http://www.web.stc-part.co.th/images/roblox-cheat-speed-simulator-2.pdfIn PDF document text
- http://cmfd.nl/images/roblox-only-for-free.pdfIn PDF document text
- http://icomsolutions.com.au/images/free-roblox-arsenal-hack-executor.pdfIn PDF document text
- http://bilhetim.com.br/images/free-suit-in-roblox.pdfIn PDF document text
- https://esl.ipb.ac.id/images/how-to-get-50-robux-for-free-2021.pdfIn PDF document text
- http://www.gadanie.lv/images/como-usar-hacks-en-roblox-jailbreak.pdfIn PDF document text
- http://ff-klaffenbach.de/images/free-galaxy-arcade-roblox.pdfIn PDF document text
+8 more URL(s)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off000081ac.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x81AC | 27508 bytes |
SHA-256: 6d69da381bd5bcde9c3c4357f24a3c4aee9ad1d18574b29107b2fb2277d78b01 |
|||
font_01_sfnt_off0000bec8.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBEC8 | 18716 bytes |
SHA-256: 728b06482dff3ce8b7301dead99582b475db9594122f6028f1b33db0fd88d5ca |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.