Categories: Forensics Tools

Creating and Analyzing a Malicious PDF File with PDF-Parser Tool

This tool will parse a PDF document to distinguish the central components utilized as a part of the analyzed file. It won’t render a PDF archive.

Features included:

  • Load/parse objects and headers
  • Extract metadata (author, description, …)
  • Extract text from ordered pages
  • Support of compressed pdf
  • Support of MAC OS Roman charset encoding
  • Handling of hexa and octal encoding in text sections
  • PSR-0 compliant (autoloader)
  • PSR-1 compliant (code styling)

You can Take the best Certified Cyber Threat Intelligence Analyst online course to learn and analyze more related cyber threats.

Analyzing a Malicious PDF File

We have created the PDF file with an EXE file embedded with it.

Step 1: To launch the PDF parser type pdf-parser

root@kali:~# pdf-parser -h

 List all the options with PDFParser

Step 2: To get the stats of the PDF Document.

root@kali:~# pdf-parser -a /root/Desktop/template.pdf

Step 3: Passing stream data through Filters FlateDecode,ASCIIHexDecode, ASCII85Decode, LZWDecode, and RunLengthDecode.

root@kali:~# pdf-parser -f /root/Desktop/template.pdf

Step 4: To get the Hashes of the PDF file.

root@kali:~# pdf-parser -H /root/Desktop/template.pdf

Step 5: Case-sensitive search in streams

root@kali:~# pdf-parser –casesensitive /root/Desktop/template.pdf

Step 6: To get the javascript added to the document.

pdf-parser –search javascript –raw /root/Desktop/template.pdf

The stats option shows insights into the items found in the PDF report. Utilize this to recognize PDF archives with unusual/unexpected objects, or to characterize PDF records.

The search option scans for a string in indirect objects (not inside the surge of Indirect objects). The inquiry is not case-sensitive and is defenseless to obfuscation methods.

The filter option applies the filter(s) to the stream, whereas the raw option makes the pdf-parser output raw data.

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Also Read:

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

View Comments

Leave a Comment
Share
Published by
Gurubaran
Tags: Malicious PDFPdf analysisPDF malwarePdf parser
1 year ago

Recent Posts

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and their…

2 hours ago

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…

14 hours ago

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…

19 hours ago

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…

19 hours ago

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…

19 hours ago

Metasploit Framework Released with New Features

The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…

22 hours ago