PDF malware analysis with PDF Dissector

PDF Dissector is a tool for PDF malware analysis. Use cases:

  • Understand the structure of malicious PDF files
  • Let PDF Dissector report known vulnerabilities in PDF files
  • Make use of refactoring functionality to understand obfuscated JavaScript code
  • Use the built-in JavaScript interpreter to debug malicious JavaScript code
  • Use and extend the built-in Adobe Reader emulator to simulate the execution environment expected by PDF malware
  • Dump PDF exploit shellcode to a file for further analysis with IDA Pro
  • Write scripts and plugins to extend PDF Dissector to meet your specific goals.

Here are the changes compared to PDF Dissector 1.0.0:

  • Raw and decoded content of streams can now be dumped to files
  • Decoded streams can now be viewed in hexadecimal view
  • PDF browsing tree now shows the types of PDF objects
  • Long-running JavaScript scripts can now be cancelled
  • Improved PDF parsing for objects that do not end with “endobj’
  • Removed function names of two emulated functions from the variable inspector of the debugger
  • Added the previously missing tutorials directory that contains sample files for the tutorial
  • API: Made it possible to access dictionary entries, array elements, and indirect references.

Don't miss