SUSPICIOUS (Risk Score: 42)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The document body and extracted URLs indicate a lure related to obtaining free items or cheats for the game Roblox. The presence of numerous suspicious URLs, combined with the ML classifier flagging the PDF as malicious, strongly suggests a phishing or scam attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URIs are consistent with techniques used to redirect users to malicious websites.
Machine Learning
- Nyx PDF Classifier malicious score 0.6193
Heuristics 3
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://gaminggenerator.org/app/431946152/how-to-get-free-glasses-on-roblox (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00008230.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8230 | 25776 bytes | 70c3325e9bdbe6e605b11cc37dbda056a3311dc88a0b1a36eef15d9ff839bb44 |
| font_01_sfnt_off0000bd2f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBD2F | 2896 bytes | 90d77d065f93150ee652ed3ce79924b5ebfcae47abf79a24366adbef9fa21c4a |
| font_02_sfnt_off0000c72e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC72E | 18028 bytes | 1e35068bdafde4db4122bdd5baed00c86fd321718d10683b20877d61e0990b67 |