Notifications

Clear all

Pdf Analysis

General (Technical, Procedural, Software, Hardware etc.)

Last Post by liguoroa 3 years ago

4 Posts

3 Users

2 Reactions

22.7 K Views

RSS

liguoroa

(@liguoroa)

Estimable Member

Joined: 16 years ago

Posts: 43

Topic starter 09/12/2022 9:12 am [#19757]

Dear All,
I would like to compare the structure of some pdf file because 2 of them could have been generated or modified by a malware.

I'm completely new to pdf analysis. Do you suggest any reference? Which tool you suggest to see
the structure of pdf files?

Free or inexpensive software are welcomed 🙂

Thank you in advance,
Best Regards
Andrea Liguoro

Quote

Henk

(@tecleo)

Active Member

Joined: 6 years ago

Posts: 8

12/12/2022 7:44 am

Hi Andrea, below is a list of PDF tools + tutorials that may guide you in the right direction.

## ExifTool by Phil Harvey

https://exiftool.sourceforge.net/

## PdfStream Dumper

Designed to allow you to parse and analyze PDF files in their raw format.

http://sandsprite.com/blogs/index.php?uid=7&pid=57

## QPDF

A C++ library and set of programs that inspect and manipulate the structure of PDF files. It can encrypt and linearize files, expose the internals of a PDF file, and do many other operations useful to end users and PDF developers

https://sourceforge.net/projects/qpdf/

## Pdf parser

https://www.kali.org/tools/pdf-parser/

https://blog.didierstevens.com/programs/pdf-tools/

## XpdfReader

A free PDF viewer and toolkit, including a text extractor, image converter, HTML converter, and more. Most of the tools are available as open source.

https://www.xpdfreader.com/download.html

## Binwalk

For searching a given binary image for embedded files and executable code.

https://github.com/ReFirmLabs/binwalk

## PDF CanOpener 💰

An Adobe Acrobat Plug-In for detailed analysis and COS level manipulation of PDF documents. It provides instant access to information about drawn objects (fonts, color spaces, page location, etc.) as well as a COS level tree view for analysis and manipulation of the internal object structure

https://www.windjack.com/product/pdfcanopener/

## PDFResurrect

A tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to modify the PDF so that a reading utility will be presented with the previous versions of the PDF. The modified "versions" will be generated as new files leaving the original PDF unmodified.

https://github.com/enferex/pdfresurrect

## JEB2 PDF Analysis Plugin 💰

Analyze malicious Adobe™ PDF files

https://www.pnfsoftware.com/jeb2/pdfplugin

## pdfminer.six

A tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact location, font or color of the text.

https://github.com/pdfminer/pdfminer.six

## pdfxplr

Extract hidden data from pdf files.

https://github.com/sowdust/pdfxplr

# Recommended Reading

## 13Cubed Juicy PDFs

https://www.youtube.com/watch?v=hr6gQXErdc0

## Didier Stevens - PDF Tools

Here is a set of free YouTube videos showing how to use my tools: Malicious PDF Analysis Workshop.

https://blog.didierstevens.com/programs/pdf-tools/

### Malicious PDF Analysis Workshop

https://www.youtube.com/watch?v=F3rpZT0gKXw&list=PLa-ohdLO29_Y2FeT24w-c9nA_AH84MIpp