This time we will check 2 PDFs (because I decided that it will be more fun than just posting about one ;)). Besides that, those 2 files contain different methods for delivering the payload, so we will check all of them.
Monday, 2 March 2015
Sunday, 1 March 2015
[EN] Analyzing Malicious PDF
Reading the Contagio blog, I found a few examples of malicious PDF files.
Today we will check one of them. :)
During PDF analysis we will use peepdf and Malzilla many times.
This time too, those tools will help us understand what's going on with
our PDF file.
Let's run peepdf on this file. As we can see, there is a JavaScript object.
Let's examine it with the "object 7" command:
[EN] Obfuscated case - JSredirector
Today we'll check some "obfuscated" JavaScript code. I found this example (named
'JSredirector') on this site. Thanks again! ;)
So... Unzip the file and you will find index.html with JS code.
Index.html contains encoded JS code:
Labels:
art,
code review,
exploit,
malware,
obfuscation,
RE,
research