Tools: pdfid.py and pdf-parser.py, QPDF and Poppler.
ISC diary entries: “Encrypted Sextortion PDFs”
Sample: 294592cd85ddf80ad1a092f955f1ae25
my software
Analyzing DAA Files
Tools: search-for-compression.py
ISC diary entries: “Malicious .DAA Attachments” and “The DAA File Format”
Sample: 6e8947a82c97c26728dc590ed797ee23
Analyzing Compressed PowerShell Scripts
Tools: oledump.py, base64dump.py, translate.py
ISC diary entry: Analyzing Compressed PowerShell Scripts
Sample: 1d5794e6b276db06f6f70d5fae6d718e
Analysis of PDFs Created with OpenOffice/LibreOffice
Tools: pdfid.py, pdf-parser.py
ISC diary entry: Analysis of PDFs Created with OpenOffice/LibreOffice
Maldoc Analysis: Excel 4.0 Macro
Sample: 7df15be35bd8fd1a98adc24e6be7bfcd..
Tools: oledump.py
ISC Diary entry: Maldoc: Excel 4.0 Macro
Maldoc: Excel 4.0 Macro
Analyzing a Phishing PDF with /ObjStm
Sample: 55c336693e66b5d6a799b6b4f8eb5f1a.
Tools: pdfid.py, pdf-parser.py
Blog post: Analyzing a Phishing PDF with /ObjStm
