Peepdf Utility for Analyzing Malicous PDF

PDF files are used on many web resources and if we look at malwares we find that attackers always choose to include their malicious JavaScript’s in pdf files. This will help them to hide their malcode, and it can infect thousands of online document readers. This is beside the number of vulnerabilities in third party applications such acrobat adobe reader.

If you are looking to analyze a suspicious PDF file you can check peepdf, a python based utility that can help malware analyst to find suspicious component in any pdf file. The usage is pretty simple by running the following command:

./peepdf.py [options] PDF_file

By using peepdf you will find the MD5 signature information, size, version, if the file is encrypted, different file objects, suspicious elements, file streams, objects with JavaScript code and more.

Here if you are using Acrobat reader than it by default allows Java script execution, there is no need to keep this settings so you need to deactivate this functionality as the following screenshots:

Screenshot for Adobe JavaScript Settings (click to enlarge)

Screenshot for Adobe JavaScript Settings disabled (click to enlarge)

You can read more details about peepdf tool on the official website.

Share