Introduction

A basic and quick approach to analysing phishing documents to identify indicators of maliciousness. Refer to Part-1 to understand the tools and approach for analysing an Office Word document. This post covers the static analysis of a PDF document to identify suspicious objects. (FYI: running the PDF in a sandbox environment can give much insight into indicators of compromise.)

FYI: this post doesn't cover complete, in-depth analysis of malicious documents (such as dealing with malicious obfuscated JavaScript or shellcode).

Tools

peepdf
Didier Stevens Suite

Analysis

All document samples are pulled from Hybrid Analysis, a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

Hash:
93fc24573bd563f08b3a6a71276bfe085488d3bbb8d79bbbc3a75e5c0497e915
6256dead623ef48c9506e9d5dd92227c59f92828cff610a093b956f3bd7284c2

To analyse PDF files, open them in a hex