Jump to content
Sign in to follow this  
robertray

Like free PDFs? Take care I guess

Recommended Posts

robertray

http://code.google.com/p/peepdf/

Books are great, learn stuff, have fun, hopefully keep in work/get work .... But our first for knowledge could land us in trouble people.

Especially if you happen to be out of date with your reader or you happen to land a 0 day. Though I would expect these to be saved for targeted attacks, unless the book was something most of the world wanted to read for free.

Found a pdf and did a quick check. Might dig around in it further to see what I can find out. My report so far:

File: examECPPT.pdf


MD5: 413bcb512dcff2414c7eeb83fe143241


Size: 564823 bytes


Version: 1.5


Binary: True


Linearized: False


Encrypted: False


Updates: 1


Objects: 376


Streams: 58


Comments: 0


Errors: 2




Version 0:


	Catalog: 1


	Info: 88


	Objects (376):


	Compressed objects (269): 

	Streams (58): 


		Xref streams (1): 


		Object streams (1): 


		Encoded (41): 


		Decoding errors (1): 




Version 1:


	Catalog: 1


	Info: 88


	Objects (0): []


	Streams (0): []

The javascript has me worried, I have cut out quite a bit of output above/below to try to keep this post clean.

Compared this against a file I would suspect to be clean:

File: examECPPT.pdf


MD5: 413bcb512dcff2414c7eeb83fe143241


Size: 564823 bytes


Version: 1.5


Binary: True


Linearized: False


Encrypted: False


Updates: 1


Objects: 376


Streams: 58


Comments: 0


Errors: 2




Version 0:


	Catalog: 1


	Info: 88


	Objects (376):


	Compressed objects (269): 

	Streams (58): 


		Xref streams (1): 


		Object streams (1): 


		Encoded (41): 


		Decoding errors (1): 




Version 1:


	Catalog: 1


	Info: 88


	Objects (0): []


	Streams (0): []

No suspicious items! Good news. Armando only pretends he is evil!

Had a quick look over http://blog.zeltser.com/post/6780160077/peepdf-malicious-pdf-analysis and was thinking I should look into this much more!

Anyhow bed for me. Every question, just seems to lead to another question lol

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
×