Tag Archives: PDF

Yet another PDF/XDP Malware

Today we’re going to analyze yet another sample of PDF containing an XDP form. The difference between this sample and the one of my previous post is that this one will be less about JavaScript deobfuscation and more about anti-analysis … Continue reading

Posted in PDF, Profiler | Tagged , , , | Comments Off on Yet another PDF/XDP Malware

PDF/XDP Malware Reversing

Recently version 2.6 of Profiler has been released and among the improvements support for XDP has been introduced. For those of you who are unfamiliar with XPD, here’s the Wikipedia description: “XML Data Package (XDP) is an XML file format … Continue reading

Posted in PDF, Profiler | Tagged , , , | Comments Off on PDF/XDP Malware Reversing

PDF object search output

In the upcoming 0.8.0 version of the Profiler it will be possible to print out the matches of PDF object searches. This comes very handy during analysis if we want to know, for instance, all values for a given key. … Continue reading

Posted in PDF, Profiler | Tagged , | Comments Off on PDF object search output

PDF AES256 (Revision 6)

The upcoming version 0.7.9 of the Profiler features support for the still to be publicly released PDF symmetric encryption revision 6. While the PDF specifications are not yet freely available, Adobe has already started supporting the new standard. This is … Continue reading

Posted in PDF, Profiler | Tagged , , | Comments Off on PDF AES256 (Revision 6)

PDF object search

The soon to be released version 0.7.4 of the Profiler features a useful PDF object search functionality. The introduction of this feature was possible thanks to the newly introduced parameters API and format specific actions. Through this action it’s possible … Continue reading

Posted in PDF, Profiler | Tagged , , | Comments Off on PDF object search