Analyzing Malicious PDF Documents with PDF Stream Dumper
Vulnerable browser plugins let an attacker run malicious code on any Internet user's machine. One of the most widely installed browser plugins is Adobe Acrobat Reader, which is why attackers focus on this plugin: an exploit for it reaches as many victims as possible.
To analyze a PDF file you can use PDF Stream Dumper, an open source tool that can do the following:
1. Analyzing suspicious content in a PDF file
The tool ships with exploit signatures that it compares against any PDF file you want to examine. Start by loading the PDF file (or drag and drop it into the window), then select Exploit Scan at the top of the application interface; the scan lists the suspicious objects within the PDF file.
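As an added illustration of what such a signature scan does (example code written for this page, not PDF Stream Dumper's own code or signature set): a small Python scanner that walks the objects of a PDF, inflates FlateDecode streams, undoes hex-escaped names and reports which objects contain suspicious keywords. The keyword list, the regular expressions and the sample PDF are constructed assumptions.

```python
import re
import zlib

# Keyword signatures of the kind an exploit scan uses (constructed list, not PDF Stream Dumper's own)
SUSPICIOUS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
              b"/EmbeddedFile", b"/RichMedia", b"/ObjStm"]

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\nendstream", re.S)
HEXNAME_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_names(data):
    """Undo PDF name escaping: /#4A#61vaScript is the same name as /JavaScript."""
    return HEXNAME_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(body):
    """Append the inflated content of every FlateDecode stream to the object body."""
    extra = b""
    for m in STREAM_RE.finditer(body):
        if b"/FlateDecode" in body[:m.start()]:
            try:  # decompressobj tolerates a trailing CR before "endstream"
                extra += zlib.decompressobj().decompress(m.group(1))
            except zlib.error:
                pass  # damaged or non-zlib data; leave it for manual review
    return body + extra

def scan_pdf(data):
    """Return {object number: [matched keywords]} for every object with a hit."""
    findings = {}
    for num, body in OBJ_RE.findall(data):
        text = normalize_names(inflate_streams(body))
        hits = [k.decode() for k in SUSPICIOUS if k in text]
        if hits:
            findings[int(num)] = hits
    return findings

# Constructed sample: /OpenAction points at a JavaScript action hidden in a compressed object stream
_inner = b"5 0 << /S /#4A#61vaScript /JS (app.alert(1)) >>"
_packed = zlib.compress(_inner)
SAMPLE_PDF = (
    b"%PDF-1.5\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Length " + str(len(_packed)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + _packed + b"\nendstream\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF))  # {1: ['/OpenAction'], 3: ['/JavaScript', '/JS', '/ObjStm']}
```

Without the inflate and name-normalization steps, object 3 would show nothing suspicious, which is exactly why a scanner has to look inside decoded streams rather than at the raw bytes.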
3. Analyzing shellcode in a PDF file
PDF Stream Dumper integrates tools for analyzing shellcode, among them libemu, a small library written in C that offers basic x86 emulation and shellcode detection using GetPC heuristics. So instead of analyzing the shellcode statically, you can run it through the libemu emulator.
Emulation makes it possible to determine which API functions a program uses without the risk of infecting your machine. Output from libemu is quite different from a static disassembly: it shows the contents of the registers after each instruction and logs the API calls the shellcode makes.