Yesterday Steve Basford informed us of yet another type of malicious document (Sales Invoice 519658.pdf, MD5 bfe397fb9b7907ab34ba83f0f086336d). It is a PDF document containing an embedded file, with JavaScript that extracts the embedded file to a temporary folder and then opens it. The embedded file is a malicious Word document, like the many we have seen over the last months.
When you open this PDF file with Adobe Reader, you get a warning, and the embedded file is only opened if you approve it.
You can analyze such PDFs without Adobe Reader or Microsoft Word, using my tools pdfid, pdf-parser and oledump instead.
If you want to know in detail how to do this, I have a video.
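A first-pass triage for the pattern described above (embedded file plus JavaScript), written as an added example in the spirit of a keyword scan; it is not code from the original post and not pdfid itself. The function names, the keyword list and the byte samples are assumptions constructed for illustration.

```python
import re

# Names that matter for the pattern described above: an embedded file plus
# JavaScript that runs on open. /ObjStm is counted because names inside
# compressed object streams are invisible to a raw byte scan like this one.
KEYWORDS = ("/EmbeddedFile", "/JavaScript", "/JS", "/OpenAction", "/AA", "/ObjStm")
NAME_RE = re.compile(rb"/(?:[A-Za-z0-9_.\-]|#[0-9A-Fa-f]{2})+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(token: bytes) -> str:
    """Undo the #xx hex escapes PDF permits in names (e.g. /J#61vaScript)."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), token).decode("latin-1")


def triage(pdf: bytes) -> dict:
    counts = dict.fromkeys(KEYWORDS, 0)
    obfuscated = []
    for token in NAME_RE.findall(pdf):
        name = decode_name(token)
        if name in counts:
            counts[name] += 1
            if b"#" in token:
                obfuscated.append(token.decode("latin-1"))
    has_js = counts["/JavaScript"] > 0 or counts["/JS"] > 0
    return {
        "counts": counts,
        "obfuscated_names": obfuscated,
        # The combination this post is about.
        "embedded_file_with_js": counts["/EmbeddedFile"] > 0 and has_js,
        # Only visible when the script is stored uncompressed.
        "export_call_visible": b"exportDataObject" in pdf,
    }


# Constructed sample fragments (not the real sample, not complete PDFs).
SUSPICIOUS = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 4 0 R /Names << /EmbeddedFiles 2 0 R >> >> endobj\n"
    b"3 0 obj << /Type /EmbeddedFile /Length 8 >> stream\nD0CF11E0\nendstream endobj\n"
    b'4 0 obj << /S /J#61vaScript /JS (this.exportDataObject({cName: "constructed.doc"});) >> endobj\n'
)
BENIGN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, data in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(data))
```

A non-zero `/ObjStm` count with no other hits means the scan could not see inside compressed objects, so the result is inconclusive rather than clean.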