MALICIOUS
72
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is identified as malicious by ClamAV with a specific signature indicating phishing related to game item trading. An external URI pointing to a similar topic was extracted, suggesting a lure to a malicious website. Although no scripts were directly extracted, the PDF structure and the presence of external links indicate a potential phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier clean score 0.0491
Heuristics 4
-
ClamAV: Pdf.Phishing.Roblox062100-9873116-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Roblox062100-9873116-0
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://gaminggenerator.org/app/431946152/how-to-hack-a-trade-in-roblox PDF link annotation
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00035684.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x35684 | 21360 bytes |
SHA-256: 3969bb5aa7364f10c8423534a500c37a7fa21d3ce40bd5d93b89958d4728d901 |
|||
font_01_sfnt_off00038504.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x38504 | 18052 bytes |
SHA-256: e35301c9067088ddde06bd637079bf443a5a0ae554038ff9a657b3e02191f459 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.