Monday, 2 March 2015

[EN] Analysing malicious PDF - part 2

This time we will check 2 PDFs (because I decided that it would be more fun than just posting about one ;)). Besides that, those 2 files contain different methods for delivering the payload, so we will check all of them.

Sunday, 1 March 2015

[EN] Analyzing Malicious PDF

Reading the Contagio blog, I found a few examples of malicious PDF files.

Today we will check one of them. :)

During PDF analysis we will often use peepdf and Malzilla.
This time too, those tools will help us understand what's going on with
our PDF file.

Let's run peepdf on this file. As we can see, there is a JavaScript object.
Let's examine it with the "object 7" command:

[EN] Obfuscated case - JSredirector

Today we'll check some "obfuscated" JavaScript code. I found this example (named
'JSredirector') on this site. Thanks again! ;)

So... Unzip the file and you will find index.html with JS code.

Index.html contains encoded JS code: