Skip to main content


Showing posts from June, 2018

Malicious document analysis Part-2

Introduction  A basic and quick approach to analyse phishing documents to identify indicators of maliciousness. Refer Part-1  to understand the tools and approach to analyse office word document. This post covers the  static analysis of pdf document to identify suspicious objects. (FYI  running pdf in sandbox environment can give much insight related to indicators of compromise.)  FYI this post doesn't cover complete & in depth analysis (like dealing with malicious obfuscated javascripts or shellcode)  of malicious documents Tools peepdf Didier Stevens Suite    Analysis  All document samples are pulled from  Hybrid Analysis  - a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.  Hash: 93fc24573bd563f08b3a6a71276bfe085488d3bbb8d79bbbc3a75e5c0497e915              6256dead623ef48c9506e9d5dd92227c59f92828cff610a093b956f3bd7284c2 To analyse PDF files,  open them in a hex