Malicious pdf sample

10/31/2022

One of the least-known file formats for most IT people is the PDF (Portable Document Format). Originally developed as a universally compatible file format based on the PostScript format, it has become a highly-regarded international format to share documents and information in a structured way. PDF documents are easy to create and use with specific software to read them, and their content and layout are displayed the exact same way no matter which operating system, device or software is used to view them. Another advantage is that they can be compressed into a file size that is easy to exchange while retaining image quality. They are also multi-dimensional, allowing for the integration of many different types of content (text, images, graphic vectors, videos, audio, animations, forms, hyperlinks, buttons...).

All this flexibility means an increase in complexity in the background. This is why PDFs are hard to edit, transform or extract content from. This is also why the format and its structure are widely unknown.

I often get questions on how to analyze various types of files for potential maliciousness. Obviously, the answer is different depending on the file format, but also on the specificities of each file. In the case of PDF files, the best-known tags for finding malicious code are the likes of /OpenAction, /AA (Automatic Action), /JavaScript (or /JS), /Launch or /URI. Many of them are quite self-explanatory and easy to analyse. There is, though, one special object that people have a hard time understanding: how it can be used for malicious purposes and how it can be analyzed.

Acroform

An Acrobat Form is as simple as a PDF object that contains form fields. The tricky thing about them that makes them usable for malicious intentions is that, aside from being able to contain objects (text, buttons, images), they can also contain some code (JavaScript). Moreover, the code can be included inside other objects or even inside object streams (large chunks of encoded and compressed data). All this makes it a perfect container for maliciousness.

I will use a recent file I have received for analysis as an example of how to analyze Acroform objects.
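The tags listed above can sit in plain sight or inside compressed streams, so a first triage pass has to look in both places. The following is an added example, not code from the original post: the function names are hypothetical, the sample bytes are constructed, and only FlateDecode streams are inflated.

```python
import re
import zlib

# Names the article lists as the usual places to look, plus /AcroForm itself.
SUSPICIOUS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
              b"/Launch", b"/URI", b"/AcroForm"]
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def count_names(data):
    """Count whole-token hits, so /AA does not also match a longer name."""
    return {name.decode(): len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", data))
            for name in SUSPICIOUS}


def inflate_streams(data):
    """Yield the body of every stream that zlib (FlateDecode) can inflate."""
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # uncompressed, or a filter other than FlateDecode


def triage(data):
    """Count names visible in the raw file and names only visible after inflating."""
    hidden = dict.fromkeys((n.decode() for n in SUSPICIOUS), 0)
    for body in inflate_streams(data):
        for name, hits in count_names(body).items():
            hidden[name] += hits
    return {"raw": count_names(data), "in_streams": hidden}


def build_sample():
    """Constructed, simplified PDF fragment (not a complete valid PDF)."""
    packed = zlib.compress(b"4 0 obj << /S /JavaScript /JS (constructed_script) >>")
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /AcroForm 2 0 R "
            b"/OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
            + packed + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    report = triage(build_sample())
    for scope, counts in report.items():
        print(scope, {k: v for k, v in counts.items() if v})
```

A file whose raw view shows /AcroForm and /OpenAction while /JavaScript only appears under `in_streams` is the pattern the Acroform section describes: the form is visible, the code is packed away.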