Malware Domain List

Malware Related => Malware Analysis => Topic started by: binary on October 30, 2009, 07:06:49 am

Title: unable to decode streams in pdf
Post by: binary on October 30, 2009, 07:06:49 am
Hi Guys,

I was laying my hands on a malicious PDF and was unable to decode the streams using either pdf-parser or pdftk. Please can you have a look at it.

Password - infected
Title: Re: unable to decode streams in pdf
Post by: SysAdMini on October 30, 2009, 07:27:44 am
pdf-parser decodes the file properly. After decoding you find 5 JS sections.
Title: Re: unable to decode streams in pdf
Post by: binary on October 30, 2009, 07:55:58 am
Is it highly obfuscated?
Title: Re: unable to decode streams in pdf
Post by: SysAdMini on October 30, 2009, 08:20:18 am
Is it highly obfuscated?

Nothing special.
Title: Re: unable to decode streams in pdf
Post by: binary on October 30, 2009, 10:28:02 am
lolz yes,

hxxp://embrari-2.cn/giri/update.php?id=5 and the id keeps rotating :D

Thanks
Binary
Title: Re: unable to decode streams in pdf
Post by: binary on October 30, 2009, 11:02:08 am
I was just wondering what those other things mean?

There were three distinct sets of '\x??' in the file... Is it added just like that or does it mean something?