Analysis of PDF and AutoCAD

[yoshimo]

Not sure if this is feasible just yet. Still looking for some kind of decompiler and tools like oletools for ms office files, but this two filetypes might profit from a similiar short decision like ms office files as they can both include macros and executable code that is polymorph and not necessarily in av signatures yet.

[dvadell]

Hi. It would be great to be able to filter PDFs to some extent.

For PDFs I found a couple of alternatives here: https://github.com/rshipp/awesome-malware-analysis. PeepPDF looks useful.

[decalage2]

If you want to simply identify PDF files with suspicious content such as JavaScript, OpenActions, etc, another option is to use PDFID from Didier Stevens: https://blog.didierstevens.com/programs/pdf-tools/#pdfid

Many years ago, I made a slightly modified version of PDFID that can be called from a Python application (the original PDFID was just a command line tool):

• https://www.decalage.info/en/python/pdfid
• https://github.com/decalage2/exefilter/tree/master/thirdparty/pdfid

It's not fully up to date, but can be a good starting point.

It all depends what you want to detect in PDFs. More info about PDF security issues: https://www.decalage.info/en/file_formats_security/pdf

[sbidy]

That's a good point - thank you @yoshimo and @dvadell for that. But unfortunately I have no time to implement a "new feature". 😢
There are to many bugs and enhancements which should be fixed first.

Maybe I found some time in the coming holidays to look into that. But feel free to contribute and start coding on that!! 😃

[dvadell]

@sbidy thanks a lot for all your work!