Like free PDFs? Take care I guess

[robertray 41]

http://code.google.com/p/peepdf/

Books are great, learn stuff, have fun, hopefully keep in work/get work .... But our first for knowledge could land us in trouble people.

Especially if you happen to be out of date with your reader or you happen to land a 0 day. Though I would expect these to be saved for targeted attacks, unless the book was something most of the world wanted to read for free.

Found a pdf and did a quick check. Might dig around in it further to see what I can find out. My report so far:

File: examECPPT.pdf


MD5: 413bcb512dcff2414c7eeb83fe143241


Size: 564823 bytes


Version: 1.5


Binary: True


Linearized: False


Encrypted: False


Updates: 1


Objects: 376


Streams: 58


Comments: 0


Errors: 2




Version 0:


	Catalog: 1


	Info: 88


	Objects (376):


	Compressed objects (269): 

	Streams (58): 


		Xref streams (1): 


		Object streams (1): 


		Encoded (41): 


		Decoding errors (1): 




Version 1:


	Catalog: 1


	Info: 88


	Objects (0): []


	Streams (0): []

The javascript has me worried, I have cut out quite a bit of output above/below to try to keep this post clean.

Compared this against a file I would suspect to be clean:

File: examECPPT.pdf


MD5: 413bcb512dcff2414c7eeb83fe143241


Size: 564823 bytes


Version: 1.5


Binary: True


Linearized: False


Encrypted: False


Updates: 1


Objects: 376


Streams: 58


Comments: 0


Errors: 2




Version 0:


	Catalog: 1


	Info: 88


	Objects (376):


	Compressed objects (269): 

	Streams (58): 


		Xref streams (1): 


		Object streams (1): 


		Encoded (41): 


		Decoding errors (1): 




Version 1:


	Catalog: 1


	Info: 88


	Objects (0): []


	Streams (0): []

No suspicious items! Good news. Armando only pretends he is evil!

Had a quick look over http://blog.zeltser.com/post/6780160077/peepdf-malicious-pdf-analysis and was thinking I should look into this much more!

Anyhow bed for me. Every question, just seems to lead to another question lol