It has been almost two months since we wrote a tutorial about analyzing PDF malware. You can find the tutorial here. Now, with newer exploits and obfuscation techniques, malicious PDFs are sneaking into your operating systems. The good news is that Didier Stevens has released updated versions of his tools, PDFiD and pdf-parser.
Updated versions of PDFiD version 0.0.10 & pdf-parser version 0.3.7 are now available for download.
PDFiD version 0.0.10 adds extended support for PDF files that try to evade detection by preceding the header with some random bytes.
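A stand-alone triage check for the header trick described above, added here as an example and not taken from PDFiD's code. The 1024-byte window is an assumption based on the tolerance Adobe's readers apply to the header position; `check_pdf_header` and the sample inputs are hypothetical and constructed for illustration.

```python
import re

# Assumption: readers such as Adobe's accept a header that starts anywhere
# in the first 1024 bytes, so that is the window worth flagging.
HEADER_WINDOW = 1024
HEADER_RE = re.compile(rb"%PDF-(\d\.\d)?")


def check_pdf_header(data: bytes) -> dict:
    """Locate the first %PDF- marker and classify where it sits."""
    match = HEADER_RE.search(data)
    if match is None:
        return {"verdict": "no-header", "offset": None, "version": None}
    offset = match.start()
    if offset == 0:
        verdict = "clean"
    elif offset < HEADER_WINDOW:
        verdict = "prefixed"       # junk before the header, still parseable
    else:
        verdict = "out-of-window"  # marker too deep to count as a header
    version = match.group(1).decode() if match.group(1) else None
    return {"verdict": verdict, "offset": offset, "version": version}


# Constructed sample inputs (not real malware samples).
BODY = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
SAMPLES = {
    "clean": BODY,
    "prefixed": bytes(range(20)) + BODY,
    "deep": b"A" * 2000 + BODY,
    "not_pdf": b"GIF89a" + b"\x00" * 64,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, check_pdf_header(blob))
```

A "prefixed" verdict is the case worth escalating: a scanner that only inspects offset 0 treats the file as unknown data while a tolerant reader still opens it as a PDF.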
pdf-parser (v0.3.7) adds the following updates:
- added support for filters /LZWDecode and /RunLengthDecode
- added a --dump option to extract the unfiltered data of a stream object (useful when the data is not actually compressed, but is a payload)
- testing the Python version before execution
You can download updated versions of these tools and some more here.