
22 September 2011


Nice post!
It's fortunate enough to encounter this article. I'm a college student majoring in malware analysis, especially on PDF. Can you share the sample1.pdf (not the MD5)? So I can deeply understand the analysis method.

Thank you!

Thanks for the post!

Off-topic, but does anyone know what vim color scheme is being used when displaying the JavaScript code?

This is excellent, I've discovered new tools as a result, including Malzilla. Could I have a copy of the pdf to test please?

@jena FWIW looks like pdfscan.rb was officially removed from Origami via this commit: You can always pull out the old code from the project's versioning, or use Remnux 2 (not Remnux 3) if you like the tool, just be aware that the authors have apparently dropped support for it.

I'm aware that I'm pretty much talking to myself here but..

These are the scripts I see:
pdf2graph pdfcocoon pdfdecrypt pdfmetadata
config pdf2pdfa pdfcop pdfencrypt pdfsh
pdf2ruby pdfdecompress pdfextract pdfwalker

and I can run them but I don't see the pdfscan.rb

nm, got it :) Thanks for this post!

I'm stuck at trying to get the pdfscan.rb to run. :( I'm probably doing something stupid, if you're bored can you help?


Thanks Marc!

MD5 (sample1.pdf) = b52d2b1e5746f521c6452461f3760f94


Nice post,

Can you share the sample (or the MD5)?

