pdf-parser can break out objects, including decoding raw stream to get to pdfid provides an overview of objects in a pdf, and highlights suspicious ones that could be used for malicious activity. To look at a pdf file, I’ll use heavily two tools from Didier Stevens, pdfid and pdf-parser. Still, as I’m a bit more of a noob at this, I thought it would be useful to do the analysis myself, and this post is just to show my work. In fact, I’ll come to the same conclusions that does. There’s nothing at all ground-breaking in this post. I had been on the lookout for PDFs that try to run code to play with, so this seemed like a good place to dive in.ĥ76a373ccb9b62c3c934abfe1573a87759a2bfe266477155e0e59f336cc28ab4 As says, it is a PDF that drops a SettingsContent-ms file, which then uses PowerShell to download and execute the next stage. This is a neat PDF sample that I saw mentioned on Twitter, and wanted to take a look for myself.
0 Comments
Leave a Reply. |