Categories: Forensics Tools

Creating and Analyzing a Malicious PDF File with PDF-Parser Tool

This tool will parse a PDF document to distinguish the central components utilized as a part of the analyzed file. It won’t render a PDF archive.

Features included:

  • Load/parse objects and headers
  • Extract metadata (author, description, …)
  • Extract text from ordered pages
  • Support of compressed pdf
  • Support of MAC OS Roman charset encoding
  • Handling of hexa and octal encoding in text sections
  • PSR-0 compliant (autoloader)
  • PSR-1 compliant (code styling)

You can Take the best Certified Cyber Threat Intelligence Analyst online course to learn and analyze more related cyber threats.

Analyzing a Malicious PDF File

We have created the PDF file with an EXE file embedded with it.

Step 1: To launch the PDF parser type pdf-parser

root@kali:~# pdf-parser -h

 List all the options with PDFParser

Step 2: To get the stats of the PDF Document.

root@kali:~# pdf-parser -a /root/Desktop/template.pdf

Step 3: Passing stream data through Filters FlateDecode,ASCIIHexDecode, ASCII85Decode, LZWDecode, and RunLengthDecode.

root@kali:~# pdf-parser -f /root/Desktop/template.pdf

Step 4: To get the Hashes of the PDF file.

root@kali:~# pdf-parser -H /root/Desktop/template.pdf

Step 5: Case-sensitive search in streams

root@kali:~# pdf-parser –casesensitive /root/Desktop/template.pdf

Step 6: To get the javascript added to the document.

pdf-parser –search javascript –raw /root/Desktop/template.pdf

The stats option shows insights into the items found in the PDF report. Utilize this to recognize PDF archives with unusual/unexpected objects, or to characterize PDF records.

The search option scans for a string in indirect objects (not inside the surge of Indirect objects). The inquiry is not case-sensitive and is defenseless to obfuscation methods.

The filter option applies the filter(s) to the stream, whereas the raw option makes the pdf-parser output raw data.

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Also Read:

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

View Comments

Recent Posts

Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications

The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has been…

7 hours ago

Squidoor: Multi-Vector Malware Exploiting Outlook API, DNS & ICMP Tunneling for C2

A newly identified malware, dubbed "Squidoor," has emerged as a sophisticated threat targeting government, defense,…

7 hours ago

Unpatched Vulnerabilities Attract Cybercriminals as EDR Visibility Remains Limited

Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency of…

7 hours ago

Threat Actors Attack Job Seekers of Fortune 500 Companies to Steal Personal Details

In Q3 2024, Cofense Intelligence uncovered a targeted spear-phishing campaign aimed at employees working in…

7 hours ago

DragonForce Attacks Critical Infrastructure to Exfiltrate Data and Halt Operations

The DragonForce ransomware group has launched a significant cyberattack on critical infrastructure in Saudi Arabia,…

7 hours ago

New Malware Uses Legitimate Antivirus Driver to Bypass All System Protections

In a concerning development, cybersecurity researchers at Trellix have uncovered a sophisticated malware campaign that…

7 hours ago