Author Topic: Need help analyzing these 3 malicious PDF  (Read 3292 times)

October 13, 2009, 09:20:37 am
d3t0n4t0r

Hello,

I was having a hard time analyzing 3 malicious PDF files.
I've tried using pdf-parser (by Didier) and inflater (by Bobby), and also my own Ruby script using pdftoolkit.
I cannot deflate the PDF, which leaves me stuck on getting the deobfuscated JavaScript and shellcode.

I need help from anyone to analyze these 3 PDF files, and if possible to share how you decode the encoded PDF stream.

Password for zip file: infected

Thank you in advance
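As an added example (not code from the thread or from the tools named in it), a minimal Python script that does what the question asks: it walks a PDF's stream objects, inflates the /FlateDecode ones incrementally so a truncated or corrupt stream still yields its recoverable prefix instead of a hard failure, and flags streams referenced from a /JS or /JavaScript key. The sample PDF is constructed inline with a harmless script.

```python
import re
import zlib

# Constructed sample (not from the thread): one FlateDecode stream, referenced
# from an action dictionary as /JS, holding a harmless JavaScript call.
JS_DEFLATED = zlib.compress(b"app.alert('sample');")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Action /S /JavaScript /JS 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Length " + str(len(JS_DEFLATED)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + JS_DEFLATED
    + b"\nendstream\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# "N G obj << dict >> stream ... endstream"; the dictionary may not cross "endobj".
STREAM_RE = re.compile(
    rb"(\d+)\s+\d+\s+obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n(.*?)\r?\nendstream",
    re.S,
)
# Indirect references such as "/JS 2 0 R" tell us which streams carry script.
JS_REF_RE = re.compile(rb"/(?:JS|JavaScript)\s+(\d+)\s+\d+\s+R")


def inflate_stream(raw: bytes, chunk: int = 64):
    """Inflate a FlateDecode stream incrementally. Returns (data, complete).
    Feeding chunks through decompressobj keeps whatever was decoded before a
    corrupt byte (a plain zlib.decompress would raise and return nothing);
    `complete` is False for a truncated stream, a common reason tools report
    that they cannot decode a sample."""
    d = zlib.decompressobj()
    out = bytearray()
    for i in range(0, len(raw), chunk):
        try:
            out += d.decompress(raw[i:i + chunk])
        except zlib.error:
            return bytes(out), False
    return bytes(out), d.eof


def extract_streams(pdf: bytes):
    """Inflate every stream object; flag those referenced as /JS or /JavaScript."""
    js_objs = {int(n) for n in JS_REF_RE.findall(pdf)}
    results = []
    for m in STREAM_RE.finditer(pdf):
        objnum, dictionary, raw = int(m.group(1)), m.group(2), m.group(3)
        if b"/FlateDecode" in dictionary:
            data, complete = inflate_stream(raw)
        else:  # other filters (ASCIIHex, LZW, ...) are left raw here
            data, complete = raw, True
        results.append({"obj": objnum, "data": data, "complete": complete,
                        "is_js": objnum in js_objs or b"/JS" in dictionary})
    return results
```

Run it on a real sample by reading the file as bytes and printing each result's `data` for which `is_js` is set; a result with `complete` False tells you the stream itself is cut short or damaged rather than your inflater being at fault.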

October 19, 2009, 07:08:26 pm
Reply #1

eoin.miller

Just try running it through wepawet?

malware-pdf.pdf
http://wepawet.cs.ucsb.edu/view.php?hash=fe4cc241a48400f1ff4237729738189c&type=js

Tries to download:
http://yhrhrhrhereo.cn/welcome.php?id=5&hello17