Goals
- Learn how to profile and examine a PDF file and be able to tell whether it is malicious or not.
- Use various tools to statically analyze a PDF file and determine the PDF's contents.
- Extract and analyze suspicious objects.
Scenario
Requirements
- Windows VM – CDTH Analyst
- pdfid
- pdf-parser
- exiftool
- Linda.pdf | Lucy2.pdf
Lucy2.pdf
- The output may be too large for the console terminal to display, so it is better to redirect it to a text file using the ">" symbol.
- The most distinguishable difference between the two files is that Lucy's contains a JavaScript object, which attackers typically use to deliver malicious payloads.
- It would be a good idea to search for that specific object and extract it for further analysis.
- We can search for the JavaScript reference within the file using the --search JavaScript option.
- It will produce the same kind of output, but limited to the objects that match the search filter you supply.
Object147.js
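The profiling and search steps above, as an added example that is not part of the lab or of the pdfid/pdf-parser tools: a small Python script that counts pdfid-style keywords (decoding #xx escapes so an obfuscated name like /J#61vaScript is still counted), finds the objects that reference /JavaScript, and pulls the inline /JS string out of them. The embedded PDF bytes are a constructed sample with a harmless alert in object 147; the keyword list and the "suspicious" verdict are assumptions for triage, not a definitive malware test, and compressed streams are not handled.

```python
import re

# Constructed sample: a minimal PDF whose catalog auto-runs a JavaScript action (object 147).
# The action name is written as /J#61vaScript to show why #xx escapes must be decoded.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 147 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"147 0 obj\n<< /S /J#61vaScript /JS (app.alert\\('triage sample'\\);) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# Assumption: a representative subset of the keywords pdfid reports.
SUSPICIOUS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile", b"/ObjStm"]

def _normalize(data: bytes) -> bytes:
    """Decode #xx hex escapes inside PDF names so /J#61vaScript reads as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def profile(data: bytes) -> dict:
    """Count each suspicious keyword (pdfid-style triage), ignoring longer names that share a prefix."""
    norm = _normalize(data)
    return {kw.decode(): len(re.findall(re.escape(kw) + rb"(?![A-Za-z])", norm)) for kw in SUSPICIOUS}

def is_suspicious(counts: dict) -> bool:
    """Heuristic only: active content or auto-run actions mean the file deserves manual review."""
    return any(counts[k] for k in ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch"))

def find_objects(data: bytes, keyword: bytes) -> list:
    """Return (object number, body) for every 'N G obj ... endobj' whose body contains keyword."""
    norm = _normalize(data)
    return [(int(m.group(1)), m.group(3).strip())
            for m in re.finditer(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", norm, re.S)
            if keyword in m.group(3)]

def extract_javascript(data: bytes) -> dict:
    """Map object number -> inline /JS string literal, with backslash escapes removed."""
    out = {}
    for num, body in find_objects(data, b"/JavaScript"):
        m = re.search(rb"/JS\s*\(((?:\\.|[^\\)])*)\)", body, re.S)
        if m:
            out[num] = re.sub(rb"\\(.)", rb"\1", m.group(1)).decode("latin-1")
    return out

if __name__ == "__main__":
    print(profile(SAMPLE_PDF))
    for num, js in extract_javascript(SAMPLE_PDF).items():
        print(f"Object{num}.js: {js}")
```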