MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document contains numerous embedded URLs, including one pointing to an IP address, that are designed to trick users into downloading game-related cheats or hacks. The ML classifier strongly indicated maliciousness, and the presence of multiple lures suggests a phishing or malware distribution attempt. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9980
Heuristics 4
-
Clickable URI points to raw IP address medium PDF_URI_IP_LITERALPDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://netcdn.tw/app/431946152/roblox-free-play-no-download-game-hack
- http://110.232.83.89/slimsppks/repository/free-minecraft-account-and-password-generator_GM479516143.pdf
- http://110.232.83.89/slimsppks/repository/free-robux-gift-card-generator_GM431946152.pdf
- http://110.232.83.89/slimsppks/repository/roblox-free-robux_GM431946152.pdf
- http://110.232.83.89/slimsppks/repository/how-to-get-free-spins-and-coins-in-coin-master_GM406889139.pdf
- http://110.232.83.89/slimsppks/repository/hack-roblox-boxing-simulator-2_GM431946152.pdf
- http://110.232.83.89/slimsppks/repository/free-robux-codes-generator_GM431946152.pdf
- http://110.232.83.89/slimsppks/repository/coin-master-free-spin-redeem-code_GM406889139.pdf
- http://110.232.83.89/slimsppks/repository/coin-master-free-spins-cheat_GM406889139.pdf
- http://110.232.83.89/slimsppks/repository/coin-master-free-attack_GM406889139.pdf
- http://110.232.83.89/slimsppks/repository/good-roblox-hacks-that-can-effect-other-players_GM431946152.pdf
- http://110.232.83.89/slimsppks/repository/free-apk-mods-coin-master_GM406889139.pdf
- http://110.232.83.89/slimsppks/repository/password-cracker-roblox-download-free_GM431946152.pdf
- http://110.232.83.89/slimsppks/repository/20210-free-spin-links-for-coin-master_GM406889139.pdf
- http://110.232.83.89/slimsppks/repository/free-spin-coin-master-game_GM406889139.pdf
- http://110.232.83.89/slimsppks/repository/get-robux-for-free-2021_GM431946152.pdf
- http://110.232.83.89/slimsppks/repository/how-to-make-a-free-ad-roblox_GM431946152.pdf
- http://110.232.83.89/slimsppks/repository/best-minecraft-hacked-client_GM479516143.pdf
- http://110.232.83.89/slimsppks/repository/coin-master-cracked-apk-free-download_GM406889139.pdf
- http://110.232.83.89/slimsppks/repository/roblox-free-robux-website_GM431946152.pdf
- http://110.232.83.89/slimsppks/repository/hacker-roblox-t-shirts_GM431946152.pdf
- http://en.wikipedia.org/wiki/MIT_License
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000303c.binc7e865bcefd9660a86a30050e5f2be36fd0f8f79b0e43a549baeeb8910a83fd2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x303C | 22036 bytes |
font_01_sfnt_off0000613c.bin7f479a0040465e765e285b4175b17051450c1d3ea8971c0ab0066285b28c74c1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x613C | 19488 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.