MALICIOUS (Risk Score: 162)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
T1071.001 Web Protocols
This PDF document employs a lure related to 'free Roblox hacks' and brand impersonation (Amazon) to trick users into clicking malicious links. The embedded links, such as 'https://enigmagenerator.com/app/431946152/roblox-game-hack', likely lead to credential phishing or the download of a second-stage payload. The presence of 'cmd-prompt.pdf' in the document text suggests an attempt to execute commands, potentially to download and run further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.7795
Heuristics 6
- PDF links to a 'free generator / game hack' redirector [high, PDF_GAME_HACK_REDIRECT_LURE]: PDF's clickable action targets a redirector of the form /app/<id>/<slug>-game-hack — the landing-page shape of a large SEO 'free spins / generator / game hack' lure family that funnels victims through rotating disposable hosts to a malware/scam payload. The multi-link variants also trip ML/link-farm rules; this catches the single-link variants that otherwise score clean.
- LOLBin token sequence in document text [high, SE_LOLBIN_RUN_COMMAND]: Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
- Brand-impersonation credential phishing lure [high, SE_BRAND_CREDENTIAL_PHISH]: Document impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: call-to-action link host does not match the impersonated brand: https://enigmagenerator.com/app/431946152/roblox-game-hack.
- Visual download / call-to-action button lure [low, SE_DOWNLOAD_BUTTON]: Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://enigmagenerator.com/app/431946152/roblox-game-hack (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00007186.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x7186 | 31536 bytes | eea7d5eccd987027f08f3207da294494827eeb0e258356d2f4363441f0051581 |
| font_01_sfnt_off0000b73b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB73B | 18252 bytes | ef7d672f7b32fb9211a6bc28cbc8660f8036ac97cc9a23b8bd023e68e55c6883 |