MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF document contains numerous links to external resources, including a known malicious redirector at http://netcdn.co/app/431946152/jailbreak-roblox.com-cheats-game-hack and an IP address at http://103.68.2.77. These links are presented as download opportunities for game cheats and hacks, indicating a social engineering lure. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.9980
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Clickable URI points to raw IP address medium PDF_URI_IP_LITERALPDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://netcdn.co/app/431946152/jailbreak-roblox.com-cheats-game-hack In PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/roblox-xyz-hack_GM431946152.pdfPDF link annotation
- http://103.68.2.77/__statics/gudangsoal/files/vip-roblox-free_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/roblox-hack_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/free-robux-hacker-us_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/how-to-get-free-robux-with-inspect-2021_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/how-to-hack-roblox-mobile-with-cydia_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/roblox-pink-free-robux_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/get-free-roblox-robux-on-therobuxapp-com_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/free-robux-and-builders-club-hack_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/are-roblox-hack-clients-a-thing_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/roblox-scripts-download-for-free_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/free-robux-no-human-verification-no-survey_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/how-to-get-free-minecoins-in-minecraft_GM479516143.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/free-tiktok-likes-2021_GM835599320.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/roblox-adopt-me-free-vbucks_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/classic-minecraft-net-hacks_GM479516143.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/how-to-speed-hack-in-roblox-booga-booga_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/is-atticus129-roblox-profile-hacked_GM431946152.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/get-minecraft-for-free_GM479516143.pdfIn PDF document text
- http://103.68.2.77/__statics/gudangsoal/files/how-to-hack-into-someones-roblox-account_GM431946152.pdfIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000309a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x309A | 22668 bytes |
SHA-256: 1c46461dd473883580bf7cec278e2914976ac77e9d1f9cb7a074754c60c6d211 |
|||
font_01_sfnt_off000062d9.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x62D9 | 19540 bytes |
SHA-256: 08933771a549bd0516f7ad2455b1d8b0e942bdd9efc165c09e6b902d5fbe79b1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.