Analysing Malicious Microsoft Office and Adobe PDF Documents
MALWARE ANALYSIS
1.
Filename: STN.pdf
Malware PDF Source: Hybrid Analysis
pdf-parser.py command
peepdf.py -i is the interactive mode of the command. It decodes and analyses the streams found.
Stream 8 is checked against the metadata and file properties using the file
command.
The Word file is unzipped to check for any external relationships (RTF file).
2.
File Details
Collected Date: 2017-10-13
Name: Invoice P-Order.pdf
File: PDF document, version 1.5
CRC32: 45424fe0
MD5: 46f6243cb8c323a095d180d6a948ae88
SHA1: 583ce6e477a82068c3ffbb826e19d87f0dc9963e
SHA256: d26a7e67cda125f11270af0a820f6644cf920ed70fd5b166e82757dabb6d1ee0
ImpHash: 00000000000000000000000000000000
ImpFuzzy: 0::
SSDeep: 3072:oTVcG8D6BcA4bJL30WtWBjASxC0vtHOdPK:VG8DhA4bthqFhOdPK
AV Results
ClamAV: OK
Ikarus: Trojan.PDF.Phishing
F-PROT: PDF/Phish.TV
Sophos: Troj/PDFUri-BDZ
eScan: OK
The pdf-parser.py command is used to extract the list of URLs from this PDF file.
The PDFStreamDumper tool loads all the objects in the file and displays them in text and
hex format; all the URLs can also be viewed there.
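The two manual steps described in this write-up, pulling URL targets and suspicious names out of a PDF's objects (section 2) and unzipping a Word file to look for external relationships (section 1), can be scripted for triage. The following is an added example and not code from the write-up or from pdf-parser.py, peepdf or PDFStreamDumper; it does the same kind of raw object scan those tools do, on a constructed minimal PDF and a constructed .docx-style zip whose URLs (example.invalid) are placeholders rather than the samples' real indicators. Function names (split_objects, find_uris, indicator_counts, objects_with_javascript, build_sample_docx, external_relationships) are this example's own.

```python
"""Lightweight triage of a PDF and a Word (OOXML) document, in the spirit of
pdf-parser.py / pdfid and of unzipping a .docx to inspect its relationships.
Added example; the sample inputs below are constructed, not the page's files."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Constructed minimal PDF: one /Link annotation with a /URI action and an
# /OpenAction that runs JavaScript. The URL is a placeholder, not a real IoC.
SAMPLE_PDF = b"""%PDF-1.5
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.invalid/login) >> >>
endobj
5 0 obj
<< /S /JavaScript /JS (app.alert) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Names that pdfid-style triage flags; each one means "look closer", not "malicious".
INDICATOR_NAMES = (b"JavaScript", b"JS", b"OpenAction", b"AA", b"Launch",
                   b"EmbeddedFile", b"URI")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
NAME_RE = re.compile(rb"/(" + b"|".join(INDICATOR_NAMES) + rb")\b")


def split_objects(pdf):
    """Map object number -> raw body of every 'N G obj ... endobj' block."""
    return {int(m.group(1)): m.group(3).strip() for m in OBJ_RE.finditer(pdf)}


def find_uris(pdf):
    """Return every literal-string /URI target, in document order."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf)]


def indicator_counts(pdf):
    """Count occurrences of each indicator name (raw scan, like pdfid)."""
    counts = {n.decode(): 0 for n in INDICATOR_NAMES}
    for m in NAME_RE.finditer(pdf):
        counts[m.group(1).decode()] += 1
    return counts


def objects_with_javascript(pdf):
    """Object numbers whose body contains a /JavaScript or /JS entry."""
    return sorted(n for n, body in split_objects(pdf).items()
                  if re.search(rb"/(JavaScript|JS)\b", body))


RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
TEMPLATE_REL = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/attachedTemplate")


def build_sample_docx():
    """Constructed .docx-style zip whose document part points at an external template."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
        f'<Relationship Id="rId2" Type="{TEMPLATE_REL}" Target="http://example.invalid/template.dotm" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")   # stub parts, enough for this scan
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


def external_relationships(docx):
    """List (rels part, relationship type, target) for every TargetMode="External" entry."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx)) as z:
        for name in sorted(z.namelist()):
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(RELS_NS + "Relationship"):
                if rel.get("TargetMode") == "External":
                    found.append((name, rel.get("Type"), rel.get("Target")))
    return found


if __name__ == "__main__":
    print("URIs:", find_uris(SAMPLE_PDF))
    print("Indicators:", indicator_counts(SAMPLE_PDF))
    print("JS objects:", objects_with_javascript(SAMPLE_PDF))
    print("External rels:", external_relationships(build_sample_docx()))
```

The PDF scan is deliberately a raw byte scan, like pdfid: it does not inflate FlateDecode streams, so names hidden inside compressed object streams or split with hex escapes (`/J#61vaScript`) are missed, which is exactly why the write-up follows up with peepdf's stream decoding and PDFStreamDumper. The .docx check walks every `.rels` part rather than only `word/_rels/document.xml.rels`, because external targets can also hang off headers, footers or settings.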