In many cases, static analysis can answer pretty much any question that an engineer has when analyzing these types of samples. There are multiple dedicated open source tools that can make this process pretty straightforward. Let's explore some of the most popular ones:
- pdf-parser: A versatile Swiss knife tool when we are talking about PDF analysis. Among its features are the ability to build stats for names presented in a file (this also can be done using pdfid from the same author), as well as to search for particular names, and decode and dump individual objects. Here are some of the most useful commands:
- -a: Displays stats for the PDF sample
- -O: Parses /ObjStm objects
- -k: Searches for the name of interest
- -d: Dumps the object specified using the -o argument
- -w: Raw output
- -f: Passes an object through decoders
- peepdf: Another tool in the arsenal of malware analysts, this provides various useful commands that aim to identify, extract, decode, and beautify extracted...