REPORT
Course: AMID
Laboratory work 2
"Reverse engineering concepts. Static, dynamic and behavioral
analysis. Protection techniques in malicious programs"
Student: Ciubotaru Vadim, SI-211M
Evaluator: Persianov Svetoslav
Chișinău, 2021
1. Malicious PDF
SHA256 000c07e3b9954d3fb92986bbbc3fb057e01fe06132a9a65226f0539b89a9cd07
MD5 9397770de7ae8b180d582869087fdadd
Every downloaded file should be checked with an antivirus or on VirusTotal. In this case VirusTotal
flags the hash of this file as malicious.
With pdfid.py we find all objects in the PDF file. In this case the interesting things the script finds
are “/JavaScript” and “/OpenAction”. If these objects are present, the PDF may contain JavaScript
code that will be executed when the PDF is opened.
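An added example (not code from this report and not pdfid's own code): a small Python triage that hashes a file and counts the names discussed above in its raw bytes. It goes one step beyond the case in the text by also decoding `#xx` hex escapes in PDF names, so an escaped spelling of /JavaScript is still counted. The `triage` and `decode_name` functions, the keyword list and the sample bytes are constructed for illustration.

```python
import hashlib
import re

# Names worth a closer look; the report flags /JavaScript and /OpenAction.
SUSPICIOUS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")

# A PDF name: "/" followed by anything up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r /\[\]<>(){}%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo the #xx hex escapes PDF allows in names (/J#61vaScript)."""
    plain = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage(data: bytes) -> dict:
    """Hash the file and count suspicious names as (total, hex-escaped)."""
    counts = {name: [0, 0] for name in SUSPICIOUS}
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in counts:
            counts[name][0] += 1
            counts[name][1] += b"#" in raw
    scripts = counts["/JavaScript"][0] + counts["/JS"][0]
    triggers = counts["/OpenAction"][0] + counts["/AA"][0]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "names": {k: tuple(v) for k, v in counts.items()},
        # Script plus an automatic trigger: code may run on open.
        "script_on_open": scripts > 0 and triggers > 0,
    }


# Constructed sample: harmless PDF-like bytes, one name hex-escaped.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    # Names inside compressed object streams are not visible to this scan.
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

A hit from a scan like this only marks the file for closer inspection; the object contents still have to be read with a parser such as pdf-parser.py.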
Let’s check what the “/JavaScript” object is. With the command “pdf-parser.py malicious-pdf.bin” we see
all objects.
Image 4 – JS code
2. Malicious Doc
MD5 0a253bf970e5239a341bc3583baa34e3
SHA256 8dc970c1aeaf7d53f4ed9aaecca5f7de962fe1b5d3a2aee2c3b5b656e566a7ca
Searching by hash on VirusTotal, we find that the file is a malicious doc.