It has been almost two months since we wrote a tutorial about analyzing PDF malware. You can find the tutorial here. Now, with newer exploits and obfuscation techniques, malicious PDFs are sneaking onto your systems. The good news is that Didier Stevens has released updated versions of his tools, PDFiD and pdf-parser.
Updated versions of PDFiD version 0.0.10 & pdf-parser version 0.3.7 are now available for download.
PDFiD version 0.0.10 adds extended support for PDF files that try to evade detection by preceding the PDF header with random bytes.
pdf-parser (v0.3.7) adds the following updates:
- added support for filters /LZWDecode and /RunLengthDecode
- added a --dump option to extract the unfiltered data of a stream object (useful when the data is not actually compressed, but a payload)
- testing the Python version before execution
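To make the two changes above concrete, here is a small Python example (written for this post, not Didier Stevens' code): it locates a PDF header that has been pushed back by leading junk bytes, the evasion PDFiD 0.0.10 now handles, and it unfilters a stream with the /RunLengthDecode filter that pdf-parser 0.3.7 added. The sample PDF bytes and the regex-based stream extraction are constructed for illustration and assume a single, simply formatted stream object.

```python
import re

def find_pdf_header(data: bytes, window: int = 1024) -> int:
    """Offset of '%PDF-' within the first `window` bytes, or -1 if absent.
    Offset 0 is the normal case; any larger offset means leading bytes were
    placed before the header, which is what PDFiD 0.0.10 started handling."""
    return data[:window].find(b"%PDF-")

def run_length_decode(data: bytes) -> bytes:
    """Decode the PDF /RunLengthDecode filter (ISO 32000-1, 7.4.5): a length
    byte L < 128 copies the next L+1 bytes literally, L > 128 repeats the next
    byte 257-L times, and L == 128 marks end of data."""
    out, i = bytearray(), 0
    while i < len(data):
        length = data[i]
        if length == 128:
            break
        if length < 128:
            out += data[i + 1:i + 2 + length]
            i += 2 + length
        else:
            out += data[i + 1:i + 2] * (257 - length)
            i += 2
    return bytes(out)

# Matches "<< dict >> stream ... endstream" for simply laid out objects.
STREAM_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)

def dump_streams(data: bytes):
    """Return (filter_name, decoded_bytes) for each stream object found.
    Only /RunLengthDecode is unfiltered here; other streams are passed raw,
    which is what a dump of an uncompressed payload stream gives you."""
    results = []
    for dictionary, body in STREAM_RE.findall(data):
        m = re.search(rb"/Filter\s*/(\w+)", dictionary)
        name = m.group(1).decode() if m else None
        decoded = run_length_decode(body) if name == "RunLengthDecode" else body
        results.append((name, decoded))
    return results

# Constructed sample (not a real file): 7 junk bytes before the header, then
# one object whose stream is the RunLength encoding of "hello------world".
RLE_BODY = b"\x04hello" + b"\xfb-" + b"\x04world" + b"\x80"
SAMPLE_PDF = (
    b"\x00\x13\x37junk" + b"%PDF-1.4\n"
    b"1 0 obj\n<< /Length 15 /Filter /RunLengthDecode >>\nstream\n"
    + RLE_BODY + b"\nendstream\nendobj\n%%EOF\n"
)
```

Running `find_pdf_header(SAMPLE_PDF)` returns 7 rather than 0, and `dump_streams(SAMPLE_PDF)` yields the decoded stream content, which is the kind of check to run on a suspicious file before trusting what a naive offset-0 header test reports.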
You can download updated versions of these tools and some more here.