Thursday, September 15, 2011

Analyzing Malicious PDF Files with Peepdf [Spanish]

Via securitybydefault

peepdf is a tool written in Python that analyzes the object tree structure of a PDF file. This kind of tool is really helpful for getting a first impression and deciding whether a PDF file could be malicious or not.

The post linked above uses peepdf to find the objects containing the JavaScript code that performs the heap spray and carries the shellcode.

Once the shellcode is extracted, they use a standard debugger to conclude that it downloads a version of the Zeus trojan.
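As an added illustration (not code from the securitybydefault post nor from peepdf itself), here is a small Python scanner that does the first step the post describes: it walks the objects of a PDF, flags those whose dictionaries carry JavaScript-related keys, and follows the catalog's /OpenAction reference down to the object holding the script. The sample PDF is constructed and harmless, and the scanner assumes uncompressed, unobfuscated objects (peepdf handles the compressed and obfuscated cases).

```python
import re

# Constructed sample (not a real malicious file): /OpenAction in the catalog points to a
# /JavaScript action whose /JS script lives in a separate stream object.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
4 0 obj
<< /S /JavaScript /JS 5 0 R >>
endobj
5 0 obj
<< /Length 19 >>
stream
app.alert('hello');
endstream
endobj
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# Dictionary keys that make an object worth a closer look during triage.
SUSPICIOUS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/RichMedia")

def parse_objects(data):
    """Return {object number: raw body} for every 'N G obj ... endobj' block."""
    return {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(data)}

def suspicious_objects(data):
    """Return {object number: [suspicious keys found]} for objects carrying at least one."""
    found = {}
    for num, body in parse_objects(data).items():
        keys = [k for k in SUSPICIOUS if re.search(re.escape(k) + rb"\b", body)]
        if keys:
            found[num] = keys
    return found

def open_action_chain(data, max_depth=8):
    """Follow /OpenAction from the catalog through /JS references; return object numbers visited."""
    objs = parse_objects(data)
    catalog = next((n for n, b in objs.items() if b"/Catalog" in b), None)
    chain = []
    m = re.search(rb"/OpenAction\s+(\d+)\s+\d+\s+R", objs[catalog]) if catalog is not None else None
    cur = int(m.group(1)) if m else None
    while cur in objs and cur not in chain and len(chain) < max_depth:
        chain.append(cur)
        m = re.search(rb"/JS\s+(\d+)\s+\d+\s+R", objs[cur])  # script stored in another object
        cur = int(m.group(1)) if m else None
    return chain
```

On the sample, `suspicious_objects` flags objects 1 and 4 and `open_action_chain` returns [4, 5], the path from the auto-run action to the script stream.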
