Author Topic: unable to decode streams in pdf  (Read 4275 times)

October 30, 2009, 07:06:49 am

binary

  • Jr. Member

Hi Guys,

I was laying my hands on a malicious PDF and was unable to decode the streams either using pdf-parser or using pdftk. Please can you have a look at it?

Password - infected
There are only 10 kinds of people in this world, those who understand binary and those who don't

October 30, 2009, 07:27:44 am
Reply #1

SysAdMini

  • Administrator
  • Hero Member

pdf-parser decodes the file properly. After decoding you find 5 JS sections.
Ruining the bad guy's day
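
Added example, not part of the original thread and not pdf-parser's own code: what "decoding the streams" amounts to, applying each object's /Filter chain in order and listing the decoded streams that look like JavaScript. The sample bytes, function names and the JavaScript hint regex are constructed for illustration, and only FlateDecode and ASCIIHexDecode are handled; any other filter is reported as undecoded.

```python
import binascii
import re
import zlib

OBJ_RE = re.compile(
    rb"(\d+)\s+\d+\s+obj((?:(?!endobj).)*?)stream\r?\n(.*?)endstream", re.S)
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/\w+)")
JS_HINT = re.compile(rb"\b(function|eval|unescape|var)\b|app\.")  # heuristic (assumption)

def _inflate(data):
    return zlib.decompressobj().decompress(data)  # ignores trailing EOL/padding

def _unhex(data):
    digits = re.sub(rb"\s+", b"", data.split(b">")[0])  # '>' ends the data
    return binascii.unhexlify(digits + b"0" * (len(digits) % 2))

DECODERS = {b"FlateDecode": _inflate, b"ASCIIHexDecode": _unhex}

def decode_streams(pdf):
    """Map object number -> (filter names, decoded bytes or None on failure)."""
    out = {}
    for m in OBJ_RE.finditer(pdf):
        found = FILTER_RE.search(m.group(2))
        names = re.findall(rb"/(\w+)", found.group(1)) if found else []
        data = m.group(3)
        try:
            for name in names:  # filters apply in the order listed
                data = DECODERS[name](data)
        except (KeyError, zlib.error, binascii.Error):
            data = None  # unsupported filter or damaged stream
        out[int(m.group(1))] = ([n.decode() for n in names], data)
    return out

def js_objects(pdf):
    """Object numbers whose decoded stream looks like JavaScript."""
    return sorted(n for n, (_, d) in decode_streams(pdf).items()
                  if d and JS_HINT.search(d))

def _obj(num, filters, payload):  # builds the constructed sample below
    return (b"%d 0 obj\n<< /Length %d /Filter %s >>\nstream\n%s\nendstream\nendobj\n"
            % (num, len(payload), filters, payload))

JS = b"var msg = 'hello'; app.alert(msg);"  # benign, constructed
TEXT = b"BT (plain text) ET"
SAMPLE = (b"%PDF-1.4\n" + _obj(1, b"/FlateDecode", zlib.compress(JS))
          + _obj(2, b"[/ASCIIHexDecode /FlateDecode]",
                 binascii.hexlify(zlib.compress(TEXT)) + b">")
          + _obj(3, b"/DCTDecode", b"\xff\xd8 not decoded here"))
```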

October 30, 2009, 07:55:58 am
Reply #2

binary

  • Jr. Member

Is it highly obfuscated?
There are only 10 kinds of people in this world, those who understand binary and those who don't

October 30, 2009, 08:20:18 am
Reply #3

SysAdMini

  • Administrator
  • Hero Member

Is it highly obfuscated?

Nothing special.
Ruining the bad guy's day

October 30, 2009, 10:28:02 am
Reply #4

binary

  • Jr. Member

lolz yes,

hxxp://embrari-2.cn/giri/update.php?id=5 and the id keeps rotating :D

Thanks
Binary
There are only 10 kinds of people in this world, those who understand binary and those who don't

October 30, 2009, 11:02:08 am
Reply #5

binary

  • Jr. Member

I was just wondering what those other things mean?

There were three distinct sects of '\x??' on the file.... Is it added just like that or does it mean something?
There are only 10 kinds of people in this world, those who understand binary and those who don't