
Showing posts from June, 2018

Malicious document analysis Part-2

Introduction
A basic and quick approach to analysing phishing documents to identify indicators of maliciousness. Refer to Part-1 to understand the tools and approach used to analyse Office Word documents. This post covers the static analysis of PDF documents to identify suspicious objects. (FYI: running the PDF in a sandbox environment can give much more insight into indicators of compromise.) FYI, this post doesn't cover complete and in-depth analysis of malicious documents (such as dealing with malicious obfuscated JavaScript or shellcode).
Tools
peepdf
Didier Stevens Suite

Analysis
All document samples are pulled from Hybrid Analysis - a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
Hashes:
93fc24573bd563f08b3a6a71276bfe085488d3bbb8d79bbbc3a75e5c0497e915
6256dead623ef48c9506e9d5dd92227c59f92828cff610a093b956f3bd7284c2

To analyse PDF files, open them in a hex editor and look for the signs of malicious PDF files, l…