MALICIOUS
66
Risk Score
Malware Insights
The PDF file is encrypted, preventing deeper static analysis of its contents. It also fires a heuristic indicating it is an image-only lure, meaning it likely displays images to the user without any actual text content. This suggests a potential attempt to bypass content-based detection or to present a visual deception. The lack of extracted text or scripts limits further analysis.
Machine Learning
- Nyx PDF Classifier clean score 0.0698
Heuristics 4
- PDF JavaScript exploit cluster (critical, PDF_JS_EXPLOIT_CLUSTER): PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
- Encrypted PDF (string and stream contents are opaque to static scan) (info, PDF_ENCRYPTED): PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
- Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://www.iec.ch (in PDF document text)
Extracted artifacts 28
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0064_000.js |
pdf-javascript-stream | PDF /JS object 64 at offset 0x42CF | 205 bytes |
SHA-256: 38a0adaf87020695f40562a38b7d6e21afbaae7994b2ddd323e2177e72cac409 |
|||
Preview script (first 1,000 lines of the extracted script):
var w_vcdh0 = this.getField("txtVcdhDate1");
var w_vcdh3 = this.getField("txtVcdhDate2");
if (w_vcdh0.value == "") {
w_vcdh3.value = "";
} else {
w_vcdh3.value = CalculDate(w_vcdh0.value,3);
}
|
|||
javascript_obj0069_001.js |
pdf-javascript-stream | PDF /JS object 69 at offset 0x44A2 | 116 bytes |
SHA-256: 6218a8904e70a05bb938b03ea5f949f59e40f076a345312b02c16c10283ba29d |
|||
Preview script (first 1,000 lines of the extracted script):
var w_field = this.getField("txtVcdhDate1");
var w_new = CalculDate(w_field.value, -1);
w_field.value = w_new;
|
|||
javascript_obj0073_003.js |
pdf-javascript-stream | PDF /JS object 73 at offset 0x485D | 115 bytes |
SHA-256: 6716461a863e29151bfa4aa3e5c459db075ce11604a9b2f588d06aa09e0ebe39 |
|||
Preview script (first 1,000 lines of the extracted script):
var w_field = this.getField("txtVcdhDate1");
var w_new = CalculDate(w_field.value, 1);
w_field.value = w_new;
|
|||
javascript_obj0077_004.js |
pdf-javascript-stream | PDF /JS object 77 at offset 0x4D5F | 189 bytes |
SHA-256: 4f7f551f135d5d90eb5fc8cd31b26245c1eb2b1bc1d6ae55cb7de908751ff9d1 |
|||
Preview script (first 1,000 lines of the extracted script):
var chk5 = this.getField("rbCalendrier1Rig5Vcdh");
var chk2 = this.getField("rbCalendrier2Vcdh");
if (chk5.value == "Yes") {
chk2.value = "Off";
} else {
chk2.value = "Yes";
}
|
|||
javascript_obj0082_005.js |
pdf-javascript-stream | PDF /JS object 82 at offset 0x53A4 | 189 bytes |
SHA-256: 67c33f2305b8a26560764cd0b041acc2bff4743705cbe1766cc52e9db7a4f022 |
|||
Preview script (first 1,000 lines of the extracted script):
var chk5 = this.getField("rbCalendrier1Rig5Vcdh");
var chk2 = this.getField("rbCalendrier2Vcdh");
if (chk2.value == "Yes") {
chk5.value = "Off";
} else {
chk5.value = "Yes";
}
|
|||
javascript_obj0087_006.js |
pdf-javascript-stream | PDF /JS object 87 at offset 0x59E9 | 165 bytes |
SHA-256: bb8fea651b25664cde93e1e5f2ae8a46d98be0c1cafc6b1b377febc4f01b6b40 |
|||
Preview script (first 1,000 lines of the extracted script):
var chkF = this.getField("rbSexeF");
var chkM = this.getField("rbSexeM");
if (chkF.value == "Yes") {
chkM.value = "Off";
} else {
chkM.value = "Yes";
}
|
|||
javascript_obj0092_007.js |
pdf-javascript-stream | PDF /JS object 92 at offset 0x6002 | 165 bytes |
SHA-256: 622dad91cb3e36aa8e8a796bd2276e018c16782f30eb653a03e6ae93a8745725 |
|||
Preview script (first 1,000 lines of the extracted script):
var chkF = this.getField("rbSexeF");
var chkM = this.getField("rbSexeM");
if (chkM.value == "Yes") {
chkF.value = "Off";
} else {
chkF.value = "Yes";
}
|
|||
javascript_obj0149_008.js |
pdf-javascript-stream | PDF /JS object 149 at offset 0xA918 | 491 bytes |
SHA-256: 2d126631d5b5a9257401b0068b0a99e50e2ebf452e21694966d351626a7d616e |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
6 of 12 identifiers look randomly generated (e.g. 'txtPdsEstimLb') — consistent with name-mangling obfuscation.
|
|||
Preview script (first 1,000 lines of the extracted script):
var fChkKg = this.getField("rbPoidsKg");
var fLb = this.getField("txtPdsEstimLb");
var fKg = this.getField("txtPdsEstimKg");
var lenFieldLb = fLb.value.toString().length;
var lenFieldKg = fKg.value.toString().length;
if (fChkKg.value == "Yes") {
if (lenFieldKg > 0) {
var poidsKg = fKg.value;
var poidsLb = ConvertStringToNumber(poidsKg) * 2.2;
poidsLb = Math.floor(10 * poidsLb + 0.5) / 10;
fLb.value = "" + poidsLb;
} else {
fLb.value = "";
}
}
|
|||
javascript_obj0150_009.js |
pdf-javascript-stream | PDF /JS object 150 at offset 0xAA53 | 489 bytes |
SHA-256: ac0f46c0e5777cad91f18c9ed8a352e70d5944b7a6bcd290b5bc4e68c4b6e880 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
6 of 12 identifiers look randomly generated (e.g. 'txtPdsEstimLb') — consistent with name-mangling obfuscation.
|
|||
Preview script (first 1,000 lines of the extracted script):
var fChkLb = this.getField("rbPoidsLbs");
var fLb = this.getField("txtPdsEstimLb");
var fKg = this.getField("txtPdsEstimKg");
var lenFieldLb = fLb.value.toString().length;
var lenFieldKg = fKg.value.toString().length;
if (fChkLb.value == "Yes") {
if (lenFieldLb > 0) {
var poidsLb = fLb.value;
var poidsKg = ConvertStringToNumber(poidsLb) / 2.2;
poidsKg = Math.floor(10 * poidsKg + 0.5) / 10;
fKg.value = "" + poidsKg;
} else {
fKg.value = "";
}
}
|
|||
javascript_obj0151_010.js |
pdf-javascript-stream | PDF /JS object 151 at offset 0xAB8C | 438 bytes |
SHA-256: a1d7c31626b35f5b2af8a2a0200a5b278794306ba5f2cf71f3a227475f459647 |
|||
Preview script (first 1,000 lines of the extracted script):
var fKg = this.getField("txtPdsEstimKg");
var f2Vcdh = this.getField("rbCalendrier2Vcdh");
var lenFieldKg = fKg.value.toString().length;
var fRUI = this.getField("txtDoseRigUI");
if (f2Vcdh.value == "Yes") {
fRUI.value = "";
} else if (lenFieldKg > 0) {
var poidsKg = fKg.value;
var rigUI = ConvertStringToNumber(poidsKg) * 20.0;
rigUI = Math.floor(rigUI);
fRUI.value = "" + rigUI;
} else {
fRUI.value = "";
}
|
|||
javascript_obj0152_011.js |
pdf-javascript-stream | PDF /JS object 152 at offset 0xACC3 | 356 bytes |
SHA-256: 303feeff7f79c1fa8fcba5d00153b053d2ce6287f7f5aacf1f2bc3a08ca0edd6 |
|||
Preview script (first 1,000 lines of the extracted script):
var fRU = this.getField("txtDoseRigUI");
var lenFieldRigUi = fRU.value.toString().length;
if (lenFieldRigUi > 0) {
var rigUi = fRU.value;
var rigMl = ConvertStringToNumber(rigUi) / 150.0;
rigMl = Math.floor(10 * rigMl + 0.5) / 10.0;
this.getField("txtDoseRigMl").value = "" + rigMl;
} else {
this.getField("txtDoseRigMl").value = "";
}
|
|||
javascript_obj0153_012.js |
pdf-javascript-stream | PDF /JS object 153 at offset 0xADD2 | 328 bytes |
SHA-256: 91adf80129f5e9a3e0394de968e1754d2f298d63d44f86b5bfe774566d4c65c0 |
|||
Preview script (first 1,000 lines of the extracted script):
var w_vcdh0 = this.getField("txtVcdhDate1");
var w_rig0 = this.getField("txtDateRig");
var w_2vcdh = this.getField("rbCalendrier2Vcdh");
var tmp;
if (w_vcdh0.value == "") {
w_rig0.value = "";
} else if (w_2vcdh.value == "Yes") {
w_rig0.value = "aucun";
} else {
tmp = w_vcdh0.value;
w_rig0.value = tmp;
}
|
|||
javascript_obj0154_013.js |
pdf-javascript-stream | PDF /JS object 154 at offset 0xAEC7 | 354 bytes |
SHA-256: aa278b7300ba6853aba9c5d8b0f9abaea1aba710a87da808db8ebbcd94d99f06 |
|||
Preview script (first 1,000 lines of the extracted script):
var w_vcdh0 = this.getField("txtVcdhDate1");
var w_vcdh7 = this.getField("txtVcdhDate3");
var w_2vcdh = this.getField("rbCalendrier2Vcdh"); // 2 VCDH (pre-exposure)
if (w_vcdh0.value == "") {
w_vcdh7.value = "";
} else if (w_2vcdh.value == "Yes") {
w_vcdh7.value = "aucun";
} else {
w_vcdh7.value = CalculDate(w_vcdh0.value,7);
}
|
|||
javascript_obj0155_014.js |
pdf-javascript-stream | PDF /JS object 155 at offset 0xAFCD | 359 bytes |
SHA-256: dd2b413d2dd5143e8e6754a1b30cb9fc9fdf06924a9984b36c7afd403d0ec4de |
|||
Preview script (first 1,000 lines of the extracted script):
var w_vcdh0 = this.getField("txtVcdhDate1");
var w_vcdh14 = this.getField("txtVcdhDate4");
var w_2vcdh = this.getField("rbCalendrier2Vcdh"); // 2 VCDH (pre-exposure)
if (w_vcdh0.value == "") {
w_vcdh14.value = "";
} else if (w_2vcdh.value == "Yes") {
w_vcdh14.value = "aucun";
} else {
w_vcdh14.value = CalculDate(w_vcdh0.value,14);
}
|
|||
javascript_obj0156_015.js |
pdf-javascript-stream | PDF /JS object 156 at offset 0xB0D4 | 359 bytes |
SHA-256: 794450cbe1d46ebb51139c23458408433ae99a670f41686de1990926dbfd4fdf |
|||
Preview script (first 1,000 lines of the extracted script):
var w_vcdh0 = this.getField("txtVcdhDate1");
var w_vcdh28 = this.getField("txtVcdhDate5");
var w_2vcdh = this.getField("rbCalendrier2Vcdh"); // 2 VCDH (pre-exposure)
if (w_vcdh0.value == "") {
w_vcdh28.value = "";
} else if (w_2vcdh.value == "Yes") {
w_vcdh28.value = "aucun";
} else {
w_vcdh28.value = CalculDate(w_vcdh0.value,28);
}
|
|||
javascript_obj0157_016.js |
pdf-javascript-stream | PDF /JS object 157 at offset 0xB1DC | 1294 bytes |
SHA-256: ce54dab55876022ad01f4fc1d1c2032e6ef3096839fa9cee00689baa3ac76382 |
|||
Preview script (first 1,000 lines of the extracted script):
var f_ddn_an = this.getField("txtDdnAn");
var f_ddn_ms = this.getField("txtDdnMois");
var f_ddn_jr = this.getField("txtDdnJour");
var f_ddn = this.getField("txtDdn");
var f_age = this.getField("txtAge");
f_ddn.value = f_ddn_an.value + "/" + f_ddn_ms.value + "/" + f_ddn_jr.value;
if (f_ddn.value.toString().length >= 5) {
var w_dn = ConvertStringToDate(f_ddn.value);
var w_now = new Date();
var w_age_days = CalcDiffDays(w_now, w_dn);
var w_string = "";
if (w_age_days > 0) {
if (w_age_days < 2.0) {
w_string = "1 jour";
} else if (w_age_days < 15.0) {
var w_value = Math.floor(w_age_days);
w_string = w_value + " jours";
} else if (w_age_days < 64) {
var w_age_weeks = Math.floor(w_age_days / 7);
w_string = w_age_weeks + " sem.";
} else if (w_age_days < 365.25) {
var w_age_months = Math.floor(w_age_days / 365.25 * 12);
w_string = w_age_months + " mois";
} else if (w_age_days < (5*365.25)) {
var w_age_years = w_age_days / 365.25;
w_age_years = Math.floor(10 * w_age_years) / 10.0;
w_string = w_age_years + " ans";
} else {
var w_age_years = Math.floor(w_age_days / 365.25);
w_string = w_age_years + " ans";
}
}
f_age.value = w_string;
}
|
|||
javascript_obj0158_017.js |
pdf-javascript-stream | PDF /JS object 158 at offset 0xB3BE | 383 bytes |
SHA-256: e2eee5d215805327e6302a7c7997186630af1ad1f8f9d48f51bdc68240703dcf |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
6 of 8 identifiers look randomly generated (e.g. 'txtPdsEstimLb') — consistent with name-mangling obfuscation.
|
|||
Preview script (first 1,000 lines of the extracted script):
var chkLb = this.getField("rbPoidsLbs");
var chkKg = this.getField("rbPoidsKg");
var fTxtLb = this.getField("txtPdsEstimLb");
var fTxtKg = this.getField("txtPdsEstimKg");
if (chkLb.value == "Yes") {
chkKg.value = "Off";
fTxtLb.readonly = false;
fTxtKg.readonly = true;
} else {
chkKg.value = "Yes";
fTxtLb.readonly = true;
fTxtKg.readonly = false;
}
|
|||
javascript_obj0159_018.js |
pdf-javascript-stream | PDF /JS object 159 at offset 0xB4BA | 382 bytes |
SHA-256: 4692361388c51d5e3d8c5a155f063ec7f5214f1c347f7f496c0eb4bf4177f752 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
6 of 8 identifiers look randomly generated (e.g. 'txtPdsEstimLb') — consistent with name-mangling obfuscation.
|
|||
Preview script (first 1,000 lines of the extracted script):
var chkLb = this.getField("rbPoidsLbs");
var chkKg = this.getField("rbPoidsKg");
var fTxtLb = this.getField("txtPdsEstimLb");
var fTxtKg = this.getField("txtPdsEstimKg");
if (chkKg.value == "Yes") {
chkLb.value = "Off";
fTxtLb.readonly = true;
fTxtKg.readonly = false;
} else {
chkLb.value = "Yes";
fTxtLb.readonly = false;
fTxtKg.readonly = true;
}
|
|||
javascript_obj0164_019.js |
pdf-javascript-stream | PDF /JS object 164 at offset 0xB8F6 | 598 bytes |
SHA-256: 1bf81e0ab6de7213050a6ff36de05ba5087fe6ba7fa215ce01d06ccaa4253279 |
|||
Preview script (first 1,000 lines of the extracted script):
function CalcDiffDays(a_after, a_before)
{
// Both parameters must be of type "Date"
// This function returns the number of days (fraction included) between
// the two dates
// Year 2000 bug fix!
var a_y = a_after.getFullYear();
var b_y = a_before.getFullYear();
if (a_y < 1000) { a_y += 1900; a_after.setFullYear(a_y); }
if (b_y < 1000) { b_y += 1900; a_before.setFullYear(b_y); }
// Compute the difference
var k_day_msec = 24 * 60 * 60 * 1000;
var w_value = (a_after.getTime() - a_before.getTime()) / k_day_msec;
return w_value;
}
|
|||
javascript_obj0165_020.js |
pdf-javascript-stream | PDF /JS object 165 at offset 0xBA7F | 815 bytes |
SHA-256: c97d1a4698fb7dd707f62661269f0e9ac2011543748d799b212af1973b1ac661 |
|||
Preview script (first 1,000 lines of the extracted script):
function CalculDate(a_date_debut, a_delta_jour)
{
// This function extracts the start date from the first
// parameter. To that date, it adds a number of days (positive
// or negative). It returns the resulting date.
// Perform the date calculation
var w_jour_ms = 24*60*60*1000; // Milliseconds per day
var w_start = ConvertStringToDate(a_date_debut);
var w_end = new Date();
w_end.setTime(w_start.getTime() + (0.5 + a_delta_jour) * w_jour_ms);
// Rebuild the "string" YYYY-MM-DD
var w_new_year = w_end.getFullYear();
if (w_new_year < 1000) { w_new_year += 1900; }
var w_new_month = w_end.getMonth() + 1;
var w_new_day = w_end.getDate();
var w_return = w_new_year + "-" + w_new_month + "-" + w_new_day;
return w_return;
}
|
|||
javascript_obj0166_021.js |
pdf-javascript-stream | PDF /JS object 166 at offset 0xBC72 | 1533 bytes |
SHA-256: 30c93741d788434930b3dc451ec85f07ef5aea50c1dfe8c88829c4198544f5de |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 eval/decoder/string-building token(s).
|
|||
Preview script (first 1,000 lines of the extracted script):
function ConvertStringToDate(a_input)
{
// Deterministic finite automaton to extract Y-M-D (A-M-J)
var w_annee = 0;
var w_mois = 0;
var w_jour = 0;
var curState = "A"; // States: A=year (année), M=month (mois), J=day (jour), Z=error
var curChar = " ";
var nextState = "Z";
var curValue = 0;
var w_today = new Date();
var w_date = w_today;
var i = 0;
//
for (i=0; i < a_input.length; i++) {
curChar = a_input.charAt(i);
newState = "Z";
charIsDigit = ("0123456789".indexOf(curChar) != -1);
if (charIsDigit) {
curValue = 10 * curValue + eval(curChar);
if (curState == "A") { nextState = "B"; w_annee = curValue; }
if (curState == "B") { nextState = "B"; w_annee = curValue; }
if (curState == "C") { nextState = "D"; w_mois = curValue; }
if (curState == "D") { nextState = "D"; w_mois = curValue; }
if (curState == "E") { nextState = "F"; w_jour = curValue; }
if (curState == "F") { nextState = "F"; w_jour = curValue; }
} else {
curValue = 0;
if (curState == "A") { nextState = "Z"; }
if (curState == "B") { nextState = "C"; }
if (curState == "C") { nextState = "Z"; }
if (curState == "D") { nextState = "E"; }
if (curState == "E") { nextState = "Z"; }
if (curState == "F") { nextState = "Z"; }
}
curState = nextState;
}
if (w_annee < 100) { w_annee += 1900; }
if ((w_mois > 0) && (w_jour > 0)) {
w_date = new Date(w_annee-1900, w_mois-1, w_jour);
}
return w_date;
}
|
|||
javascript_obj0167_022.js |
pdf-javascript-stream | PDF /JS object 167 at offset 0xBEB1 | 1634 bytes |
SHA-256: 382beb763ed1acfe6e3091bd67b6b3ab5f47a72f68d3e7d2c93fb838d22ad19b |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 5 eval/decoder/string-building token(s).
|
|||
Preview script (first 1,000 lines of the extracted script):
function ConvertStringToNumber(a_input)
{
// Finite state automaton
// to convert an input character string and
// translate it into a number
a_input = String(a_input);
// Finite state automaton to parse a number
var curState = "A";
var kDigits = new String("0123456789");
var kComma = new String(",.");
var curValue = 0;
var decimalMask = 0.1;
var curChar = " ";
var newState = "Z";
for (i=0; i < a_input.length; i++) {
curChar = a_input.charAt(i);
newState = "Z";
if ((curChar == " ") && (curState == "A")) { newState = "A"; }
if ((kComma.indexOf(curChar) != -1) && (curState == "A")) { newState = "D"; }
if ((kDigits.indexOf(curChar) != -1) && (curState == "A"))
{ newState = "B"; curValue = eval(curChar); }
if ((kDigits.indexOf(curChar) != -1) && (curState == "B"))
{ newState = "B"; curValue = 10 * curValue + eval(curChar); }
if ((kComma.indexOf(curChar) != -1) && (curState == "B")) { newState = "C"; }
if ((kDigits.indexOf(curChar) != -1) && (curState == "C"))
{ newState = "E"; curValue += decimalMask * eval(curChar); decimalMask *= 0.1; }
if ((kDigits.indexOf(curChar) != -1) && (curState == "D"))
{ newState = "E"; curValue += decimalMask * eval(curChar); decimalMask *= 0.1; }
if ((kDigits.indexOf(curChar) != -1) && (curState == "E"))
{ newState = "E"; curValue += decimalMask * eval(curChar); decimalMask *= 0.1; }
curState = newState;
}
if ("BCE".indexOf(curState) >= 0) {
return curValue;
} else {
return "";
}
}
|
|||
javascript_obj0168_023.js |
pdf-javascript-stream | PDF /JS object 168 at offset 0xC0E7 | 370 bytes |
SHA-256: 431046ef2dcea6a8df5e8513d36c7362244de4433c4a64dea62771f90adeaeff |
|||
Preview script (first 1,000 lines of the extracted script):
function SetDateToday()
{
var w_field = this.getField("txtVcdhDate1");
var w_today = new Date();
var w_year = w_today.getFullYear();
var w_month = w_today.getMonth() + 1;
var w_day = w_today.getDate();
var w_string = w_year + "-" + w_month + "-" + w_day;
w_field.value = w_string;
this.getField("txtDateRecomm").value = w_string;
}
|
|||
javascript_obj0217_024.js |
pdf-javascript-stream | PDF /JS object 217 at offset 0xFEBB | 930 bytes |
SHA-256: f1ec1753e08434d97ccbc91bfd975d2b21f82c296b83c122ed2022c7be6d0bea |
|||
Preview script (first 1,000 lines of the extracted script):
//
// clear the 'radioButton' values
//
var chk5 = this.getField("rbCalendrier1Rig5Vcdh");
var chk2 = this.getField("rbCalendrier2Vcdh");
var chkLb = this.getField("rbPoidsLbs");
var chkKg = this.getField("rbPoidsKg");
var chkF = this.getField("rbSexeF");
var chkM = this.getField("rbSexeM");
chk5.value = "Yes";
chk2.value = "Off";
chkLb.value = "Off";
chkKg.value = "Off";
chkM.value = "Off";
chkF.value = "Off";
//
// clear the text field values
//
var txtPL = this.getField("txtPdsEstimLb");
var txtPK = this.getField("txtPdsEstimKg");
txtPL.value = "";
txtPK.value = "";
txtPL.readonly = true;
txtPK.readonly = true;
var fDdnA = this.getField("txtDdnAn");
var fDdnM = this.getField("txtDdnMois");
var fDdnJ = this.getField("txtDdnJour");
var fAge = this.getField("txtAge");
fDdnA.value = "";
fDdnM.value = "";
fDdnJ.value = "";
fAge.value = "";
SetDateToday();
|
|||
javascript_obj0218_025.js |
pdf-javascript-stream | PDF /JS object 218 at offset 0x10041 | 2331 bytes |
SHA-256: b884dbfb438e887a4873cb2123406103c7dc009109f9611bdb6789c9e87b2c25 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
32 of 53 identifiers look randomly generated (e.g. 'rbCalendrier2Vcdh') — consistent with name-mangling obfuscation.
|
|||
Preview script (first 1,000 lines of the extracted script):
//
// clear the 'radioButton' values
//
var chk5 = this.getField("rbCalendrier1Rig5Vcdh");
var chk2 = this.getField("rbCalendrier2Vcdh");
var chkLb = this.getField("rbPoidsLbs");
var chkKg = this.getField("rbPoidsKg");
var chkF = this.getField("rbSexeF");
var chkM = this.getField("rbSexeM");
chk5.value = "Off";
chk2.value = "Off";
chkLb.value = "Off";
chkKg.value = "Off";
chkM.value = "Off";
chkF.value = "Off";
//
// clear the text field values
//
var txtPL = this.getField("txtPdsEstimLb");
var txtPK = this.getField("txtPdsEstimKg");
txtPL.value = "";
txtPK.value = "";
txtPL.readonly = true;
txtPK.readonly = true;
var fDdnA = this.getField("txtDdnAn");
var fDdnM = this.getField("txtDdnMois");
var fDdnJ = this.getField("txtDdnJour");
var fAge = this.getField("txtAge");
fDdnA.value = "";
fDdnM.value = "";
fDdnJ.value = "";
fAge.value = "";
// SetDateToday();
var fDateRig = this.getField("txtDateRig");
var fDateVcdh1 = this.getField("txtVcdhDate1");
var fDateVcdh2 = this.getField("txtVcdhDate2");
var fDateVcdh3 = this.getField("txtVcdhDate3");
var fDateVcdh4 = this.getField("txtVcdhDate4");
var fDateVcdh5 = this.getField("txtVcdhDate5");
var fDatRecom = this.getField("txtDateRecomm");
fDateRig.value = "";
fDateVcdh1.value = "";
fDateVcdh2.value = "";
fDateVcdh3.value = "";
fDateVcdh4.value = "";
fDateVcdh5.value = "";
fDatRecom.value = "";
var fNom = this.getField("txtNom");
var fPre = this.getField("txtPrenom");
var fNAM = this.getField("txtNAM"); // Health insurance number
var fAdr1 = this.getField("txtAddr1");
var fAdr2 = this.getField("txtAddr2Ville");
var fAdr3 = this.getField("txtAddr3Cp");
var fTel1 = this.getField("txtTel1Res");
var fTel2 = this.getField("txtTel2Autre");
var fRai1 = this.getField("txtRaison1");
var fRai2 = this.getField("txtRaison2");
fNom.value = "";
fPre.value = "";
fNAM.value = "";
fAdr1.value = "";
fAdr2.value = "";
fAdr3.value = "";
fTel1.value = "";
fTel2.value = "";
fRai1.value = "";
fRai2.value = "";
var fPRec = this.getField("txtNomProfRecomm");
var fNClsc = this.getField("txtNomCLSC");
var fPClsc = this.getField("txtPersClsc");
var fTClsc = this.getField("txtTelClsc");
fPRec.value = "";
fNClsc.value = "";
fPClsc.value = "";
fTClsc.value = "";
|
|||
stream_090_off00026649.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x26649 | 24375 bytes |
SHA-256: b1a653ff2e2d916a4b4d4e2506162ea0e1e2560ef515fac048952167f619763c |
|||
icc_00_off0000ccb5.icc |
pdf-icc-profile | PDF ICC profile at offset 0xCCB5 | 3144 bytes |
SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e |
|||
font_00_sfnt_off000211f1.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x211F1 | 61540 bytes |
SHA-256: d5d366cf58c57c9e7df80c2c395e213afb2e734b10ed0bbb4a0f6b7db8988210 |
|||