Categories: Forensics Tools

Creating and Analyzing a Malicious PDF File with PDF-Parser Tool

This tool will parse a PDF document to distinguish the central components utilized as a part of the analyzed file. It won’t render a PDF archive.

Features included:

  • Load/parse objects and headers
  • Extract metadata (author, description, …)
  • Extract text from ordered pages
  • Support of compressed pdf
  • Support of MAC OS Roman charset encoding
  • Handling of hexa and octal encoding in text sections
  • PSR-0 compliant (autoloader)
  • PSR-1 compliant (code styling)

You can Take the best Certified Cyber Threat Intelligence Analyst online course to learn and analyze more related cyber threats.

Analyzing a Malicious PDF File

We have created the PDF file with an EXE file embedded with it.

Step 1: To launch the PDF parser type pdf-parser

root@kali:~# pdf-parser -h

 List all the options with PDFParser

Step 2: To get the stats of the PDF Document.

root@kali:~# pdf-parser -a /root/Desktop/template.pdf

Step 3: Passing stream data through Filters FlateDecode,ASCIIHexDecode, ASCII85Decode, LZWDecode, and RunLengthDecode.

root@kali:~# pdf-parser -f /root/Desktop/template.pdf

Step 4: To get the Hashes of the PDF file.

root@kali:~# pdf-parser -H /root/Desktop/template.pdf

Step 5: Case-sensitive search in streams

root@kali:~# pdf-parser –casesensitive /root/Desktop/template.pdf

Step 6: To get the javascript added to the document.

pdf-parser –search javascript –raw /root/Desktop/template.pdf

The stats option shows insights into the items found in the PDF report. Utilize this to recognize PDF archives with unusual/unexpected objects, or to characterize PDF records.

The search option scans for a string in indirect objects (not inside the surge of Indirect objects). The inquiry is not case-sensitive and is defenseless to obfuscation methods.

The filter option applies the filter(s) to the stream, whereas the raw option makes the pdf-parser output raw data.

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Also Read:

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

View Comments

Leave a Comment
Share
Published by
Gurubaran
Tags: Malicious PDFPdf analysisPDF malwarePdf parser
2 years ago

Recent Posts

Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian…

11 hours ago

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system…

12 hours ago

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache…

12 hours ago

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage…

13 hours ago

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

2 days ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

3 days ago