Finding Malicious Code: How to Safely Inspect PDF and Office Files


Office and PDF documents can be dangerous: they may carry executable code. With analysis tools, you can find out whether such code is inside before you open them.

The internet is full of malware and suspicious files. As a rule, samples are even sent to your inbox free of charge. In the previous issue, we showed you how to examine PDF and Office attachments – the most common problem cases – and which alarm signals to watch for. However, the toolboxes presented there can do much more. If you’re curious about a specific Word attachment or you’ve just always wanted to dig into the innards of PDF files, then you’ve come to the right place.

We demonstrate the analyses on sample documents that do not pose any danger. If you like, you can download the documents to follow the article step by step. Really suspicious files should only be examined in isolated environments, for example in a VM without network access.

Our PDF parsing tool of choice is called pdf-parser.py. The Python script was created by security researcher Didier Stevens, who has written a number of analysis scripts for various formats. You can download the scripts as zip archives from his website. We have explained in detail how to set up Python; after that, a call such as python pdf-parser.py runs the tool.
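To show what such a triage tool looks at before you open a file, here is an added example script. It is not code from the article and not part of Didier Stevens' pdf-parser.py or pdfid; the keyword list, the hex-escape decoding and the constructed sample PDF are this example's own assumptions. It counts the PDF names that indicate active content (JavaScript, auto-run actions, launch actions, embedded files), decodes the #xx escapes that are sometimes used to hide those names, and turns the counts into a short list of findings.

```python
import re
from collections import Counter

# Names whose presence points to active content or auto-execution.
# This list is an assumption of this example, modelled on common PDF
# triage practice; it is not taken from the article.
RISKY_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/RichMedia", "/XFA", "/SubmitForm",
)

# A PDF name token starts with '/' and runs until whitespace or a delimiter.
NAME_RE = re.compile(rb"/[^\s/<>\[\]()%{}]+")


def decode_pdf_name(raw: bytes) -> str:
    """Resolve #xx hex escapes so that /J#61vaScript is reported as /JavaScript."""
    def _unhex(m: re.Match) -> bytes:
        return bytes([int(m.group(1), 16)])
    return re.sub(rb"#([0-9A-Fa-f]{2})", _unhex, raw).decode("latin-1")


def scan_pdf_bytes(data: bytes) -> dict:
    """Count risky names, escaped names, objects and streams in raw PDF bytes."""
    counts: Counter = Counter()
    for m in NAME_RE.finditer(data):
        token = m.group(0)
        if b"#" in token:
            # Hex-escaped names are legal PDF, but in keywords they are a red flag.
            counts["obfuscated_names"] += 1
        name = decode_pdf_name(token)
        if name in RISKY_NAMES:
            counts[name] += 1
    # Rough structure counts; \b keeps "endobj"/"endstream" from matching.
    counts["obj"] = len(re.findall(rb"\bobj\b", data))
    counts["stream"] = len(re.findall(rb"\bstream\b", data))
    return dict(counts)


def triage_verdict(counts: dict) -> list:
    """Translate the raw counts into human-readable findings (empty list = nothing found)."""
    findings = []
    if counts.get("/OpenAction") or counts.get("/AA"):
        findings.append("auto-execute action present (/OpenAction or /AA)")
    if counts.get("/JavaScript") or counts.get("/JS"):
        findings.append("embedded JavaScript present")
    if counts.get("/Launch"):
        findings.append("/Launch action can start an external program")
    if counts.get("/EmbeddedFile"):
        findings.append("embedded file attachment present")
    if counts.get("obfuscated_names"):
        findings.append("hex-escaped names found (possible keyword obfuscation)")
    return findings


# Constructed, harmless sample: a one-page PDF whose catalog auto-runs a
# JavaScript action, with the keyword spelled /J#61vaScript to exercise the decoder.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>
endobj
4 0 obj
<< /Type /Action /S /J#61vaScript /JS (app.alert('constructed sample')) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    result = scan_pdf_bytes(SAMPLE_PDF)
    for key, value in sorted(result.items()):
        print(f"{key:20} {value}")
    for finding in triage_verdict(result):
        print("!", finding)
```

The script only reads bytes and never renders or executes anything in the document, so it is safe to run on a suspicious file inside the isolated VM mentioned above. A hit is a reason to look closer with pdf-parser.py, not proof of malice: legitimate forms use JavaScript too, and a clean report does not clear a file whose payload sits in a compressed stream that this keyword scan does not inflate.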
