How can I tell if a PDF file I was sent contains malware?

  • I was emailed a PDF file by a family member. I have reason to suspect that it was given to said family member by someone who would like nothing more than to infect me with a Remote Access Trojan. How can I tell if it contains code that would allow an attacker to gain access to my Android phone?

  • Mirsad, correct answer, 5 years ago

    You can upload a PDF to VirusTotal and check if that file is infected, but be careful since results from VirusTotal are not 100% accurate.

    There is also PDF Examiner.

    PDF Examiner by Malware Tracker is able to scan the uploaded PDF for several known exploits, allows the user to explore the structure of the file, as well as examine, decode and dump PDF object contents. This tool lends itself well to manual PDF analysis tasks. In this way, it differs from Jsunpack and Wepawet, which focus on automating the analysis as much as possible.

    One more free service is Jsunpack.

    Jsunpack by Blake Hartstein is designed for automatically examining and de-obfuscating JavaScript. Its features also include carving contents of network packet capture (PCAP) files and identifying common client-side exploits. It can also examine PDF files for malicious JavaScript artifacts.

    For deeper analysis you should check PDF tools from Didier Stevens.

    https://blog.didierstevens.com/programs/pdf-tools/

    Jsunpack link is broken.

    PDF Examiner link is dead; they appear to have pivoted so not sure if it's worth just removing the link, or removing the paragraph entirely.
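As an added example that is not part of the answer or its comments above, the following Python script applies the keyword-counting idea behind Didier Stevens' pdfid to a PDF's raw bytes: it counts the names that let a viewer run or load content (/JavaScript, /JS, /OpenAction, /AA, /Launch, and so on) and first undoes the `#xx` hex escapes that an obfuscated name such as `/Java#53cript` can hide behind. The sample PDF bytes are constructed for the illustration and contain only a harmless alert.

```python
import re

# Names that can make a viewer execute or load content without further user
# interaction. Their presence is a triage signal, not proof of malice.
SUSPICIOUS_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
                    "/EmbeddedFile", "/RichMedia", "/URI")

def normalize_names(data: bytes) -> bytes:
    """Decode '#xx' hex escapes so an obfuscated '/Java#53cript' counts like '/JavaScript'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def scan_pdf_bytes(data: bytes) -> dict:
    """Return {name: count} of suspicious names found (pdfid-style keyword counting)."""
    normalized = normalize_names(data)
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # A name ends at a delimiter, so '/JS' must not match inside '/JSomething'.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9_])"
        n = len(re.findall(pattern, normalized))
        if n:
            counts[name] = n
    return counts

def triage_verdict(counts: dict) -> str:
    """Coarse verdict: script plus an automatic trigger is the pattern of a
    document that runs code as soon as it is opened."""
    js = counts.get("/JavaScript", 0) + counts.get("/JS", 0)
    auto = counts.get("/OpenAction", 0) + counts.get("/AA", 0)
    if js and auto:
        return "high: script with automatic trigger; analyse in a sandbox, do not open"
    if js or counts.get("/Launch") or counts.get("/EmbeddedFile"):
        return "medium: active content present; inspect objects before opening"
    return "low: no active-content keywords found"

# Constructed sample: minimal PDF skeleton whose OpenAction points at a
# hex-obfuscated JavaScript action (benign alert; an illustration only).
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /Java#53cript /JS (app.alert('hello')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    found = scan_pdf_bytes(SAMPLE_PDF)
    print(found, triage_verdict(found))
```

Like pdfid, this only sees names in the uncompressed parts of the file; objects hidden inside FlateDecode streams or object streams need a parser such as pdf-parser from the same toolkit to decode and dump them.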

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM