PDF malware analysis with PDF Dissector

PDF Dissector is a tool for PDF malware analysis. Use cases:

• Understand the structure of malicious PDF files
• Let PDF Dissector report known vulnerabilities in PDF files
• Make use of refactoring functionality to understand obfuscated JavaScript code
• Use the built-in JavaScript interpreter to debug malicious JavaScript code
• Use and extend the built-in Adobe Reader emulator to simulate the execution environment expected by PDF malware
• Dump PDF exploit shellcode to a file for further analysis with IDA Pro
• Write scripts and plugins to extend PDF Dissector to meet your specific goals.

Here are the changes compared to PDF Dissector 1.0.0:

• Raw and decoded content of streams can now be dumped to files
• Decoded streams can now be viewed in hexadecimal view
• PDF browsing tree now shows the types of PDF objects
• Long-running JavaScript scripts can now be cancelled
• Improved PDF parsing for objects that do not end with “endobj’
• Removed function names of two emulated functions from the variable inspector of the debugger
• Added the previously missing tutorials directory that contains sample files for the tutorial
• API: Made it possible to access dictionary entries, array elements, and indirect references.