Ok, I received a obvious phishing email with what I can only assume is a malicious pdf attachment.

I took the opportunity to learn from it and opened the file in my home lab isolated VM to examine it.

I suspect it is a key logger with the intent that the person freaks out and logs into their PayPal and Coinbase account.

It has what looks like Java script streams within it and tried to use a Python script to decode it but getting stuck. Any help reading this?