Malware Domain List

Malware Related => Malware Analysis => Topic started by: d3t0n4t0r on October 13, 2009, 09:20:37 am

Title: Need help analyzing these 3 malicious PDF
Post by: d3t0n4t0r on October 13, 2009, 09:20:37 am: Hello,

I was getting a hard time to analyze 3 malicious PDF files.
I've tried using pdf-parser (by didiers) and inflater (by bobby) and also from my own ruby script using pdftoolkit.
I cannot deflate the PDF which makes me stuck on getting the deobfuscated JavaScript and shellcode.

Need help from anyone to analyze these 3 PDF files, and if possible to share how you decode the encoded PDF stream.

Password for zip file : infected

Thank you in advance
Title: Re: Need help analyzing these 3 malicious PDF
Post by: eoin.miller on October 19, 2009, 07:08:26 pm: Just try running it through wepawet?

malware-pdf.pdf
http://wepawet.cs.ucsb.edu/view.php?hash=fe4cc241a48400f1ff4237729738189c&type=js

Tries to download:
http://yhrhrhrhereo.cn/welcome.php?id=5&hello17

SMF 2.0.18 | SMF © 2021, Simple Machines