Malicious PDF — malware analysis report

Static analysis result for SHA-256 cde2a250fb7d5f9f…

MALICIOUS

PDF

Size: 59.9 KB
Created: 2021-03-18 11:33:54 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2026-06-04
MD5: 3194677758c36304876c63bdab2f6de9
SHA-1: 68e6ab351a4ec5ee37c2984a20521ff5c63d955a
SHA-256: cde2a250fb7d5f9ff1296503af667efbc9c536597f8537e4ae86c052e16e6ade
Risk Score: 74

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

Heuristics flag this PDF as malicious: it uses an SEO redirector with a lure related to 'municipal solid waste management and handling project pdf'. The primary malicious URL identified is https://jottigo.ru/award?keyword=municipal+solid+waste+management+and+handling+project+pdf. No scripts were extracted, but the PDF structure and embedded URI suggest an attempt to lure users to a malicious site, likely for phishing or to download further malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6893

Heuristics 3

  • Image lure linking to an SEO redirector (free-download phishing) [high] PDF_SEO_UTM_REDIRECTOR_LINK
    PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://jottigo.ru/award?keyword=municipal+solid+waste+management+and+handling+project+pdf (PDF link annotation)