Mar 12, 2011

Suspicious PDF

I have not been doing malware analysis for a while. I received a suspicious PDF file and decided to do some analysis using REMnux.

Analysis Report:
##############

File: china.pdf
Size: 131336
MD5: 4CA99F7FCFFECD14CDE0CDF7D9414EC5

First, using pdfid.py, I noticed that JavaScript was embedded in the PDF file.

With pdf.py, the embedded code can be extracted from the file. This also confirms that the PDF file contains JavaScript.

Analysing the extracted output shows obfuscated JavaScript, consistent with a possible heap-spray attack.

Jsunpack-n shows that suspicious shellcode was embedded, but no known exploit was found.
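As an added example (not from the post, and not the code of pdfid.py, pdf-parser or jsunpack-n), here is a small Python triage script that does the part of the pdfid.py step that matters most: it counts the action and script keywords, resolves #xx name escapes so a hidden /JavaScript name is still counted, and flags heap-spray style constructs in an inline /JS string. The sample PDF bytes are constructed for the example, not china.pdf.

```python
import re

# Keywords pdfid.py counts; the first four are the ones that matter most when
# triaging an unknown PDF (a script is present, or something runs on open).
KEYWORDS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile"]

# Constructs typical of heap-spray / obfuscated JavaScript seen in malicious PDFs.
JS_INDICATORS = {
    "unescape_unicode_block": rb"unescape\s*\(\s*['\"](?:%u[0-9a-fA-F]{4}){4,}",
    "string_doubling_loop": rb"while\s*\(\s*\w+\.length\s*<\s*(?:0x)?[0-9a-fA-F]{4,}",
    "eval_or_fromcharcode": rb"\beval\s*\(|String\.fromCharCode",
}

def unescape_names(data: bytes) -> bytes:
    """Resolve PDF name hex escapes (/Java#53cript -> /JavaScript) so a keyword
    split by #xx is still counted, as pdfid.py does."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def count_keywords(pdf: bytes) -> dict:
    """Count each keyword as a whole name, like the pdfid.py table."""
    norm = unescape_names(pdf)
    return {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z0-9])", norm))
            for k in KEYWORDS}

def js_indicators(js: bytes) -> list:
    """Names of the heap-spray / obfuscation indicators present in the script."""
    return [name for name, pat in JS_INDICATORS.items() if re.search(pat, js)]

def triage(pdf: bytes) -> dict:
    counts = count_keywords(pdf)
    # Only an unencoded /JS (...) literal is inspected here; a real workflow
    # would also inflate /FlateDecode streams (which pdf-parser.py does).
    m = re.search(rb"/JS\s*\((.*?)\)\s*>>", unescape_names(pdf), re.S)
    ind = js_indicators(m.group(1)) if m else []
    auto_run_script = (counts["/JS"] or counts["/JavaScript"]) and (counts["/OpenAction"] or counts["/AA"])
    return {"keywords": counts, "js_indicators": ind, "suspicious": bool(auto_run_script or ind)}

# Constructed sample (not the file from the post): an /OpenAction that runs a
# /JS string, with a hex-escaped action name and a heap-spray style string loop.
SAMPLE_PDF = (b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /Java#53cript /JS (var s = unescape('%u0c0c%u0c0c%u0c0c%u0c0c');"
    b" while (s.length < 0x40000) s += s; var h = []; for (i=0;i<200;i++) h[i] = s;) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    print(triage(SAMPLE_PDF))
```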
