« previous next »
Pages: [1]   Go Down

Author Topic: Need help analyzing these 3 malicious PDF  (Read 4464 times)

0 Members and 1 Guest are viewing this topic.

October 13, 2009, 09:20:37 am
Read 4464 times

d3t0n4t0r

  • Jr. Member
  • Offline
  • **
  • 13
Need help analyzing these 3 malicious PDF
Hello,

I was getting a hard time to analyze 3 malicious PDF files.
I've tried using pdf-parser (by didiers) and inflater (by bobby) and also from my own ruby script using pdftoolkit.
I cannot deflate the PDF which makes me stuck on getting the deobfuscated JavaScript and shellcode.

Need help from anyone to analyze these 3 PDF files, and if possible to share how you decode the encoded PDF stream.

Password for zip file : infected

Thank you in advance
Logged
October 19, 2009, 07:08:26 pm
Reply #1

eoin.miller

  • Sr. Member
  • Offline
  • ****
  • 179
Re: Need help analyzing these 3 malicious PDF
Just try running it through wepawet?

malware-pdf.pdf
http://wepawet.cs.ucsb.edu/view.php?hash=fe4cc241a48400f1ff4237729738189c&type=js

Tries to download:
http://yhrhrhrhereo.cn/welcome.php?id=5&hello17
Logged
Pages: [1]   Go Up
« previous next »