PDF Examiner Malware Analysis Suite
Automate malware PDF analysis and step through the objects of a malicious PDF. Support for basic PDF JavaScript de-obfuscation and encrypted PDFs (RSA, AESV2, Revision 5 AESV3). Dissect PDF streams to discover new and known exploits. Detect variants of CVE-2007-5659, CVE-2009-3953, CVE-2009-3959, CVE-2009-0927, CVE-2008-2992, CVE-2009-4324, CVE-2009-1493, CVE-2010-0188, CVE-2010-1297, CVE-2010-2883, CVE-2010-3654, CVE-2010-4091, CVE-2011-0609, CVE-2011-0611, CVE-2011-2462, CVE-2011-4369 and others. Try it out free online. Run your own web-based PDF Examiner system internally as part of our enterprise site license, so that your malware analysts can collaborate securely on your own private internal network. Add your own detection signatures or use our subscription update service to stay up to date with the latest threats.
New: PDFExaminer is also now available as a PHP command line scanning tool that analyses and reports on PDFs instantly, providing a malware rating for a single file or a directory of files. Integrate the command line version into your email gateway or network security solution to detect newly emerging threats that most commercial antivirus products have difficulty detecting.
PDFExaminer is also available as a private hosted instance fully maintained and supported by MalwareTracker on a reliable RAID 10 infrastructure.
Versions
- Free public online version - web and command line API
- Command line scanner - rapid detection engine PHP $400
- LAN Single License - web interface and LAN command line API
- Enterprise License - web interface and full command line version included
- Private Hosted instance - web interface and command line API
- Malware Intelligence Feed (MIPDF) from the public online version receiving new threats daily. View reports and download samples.
Features
- Display PDF file structure as individual objects in both encoded and uncompressed format; exploit or JavaScript objects are automatically flagged.
- Automatically detect published exploits with CVE number.
- Deobfuscate common JavaScript obfuscation techniques automatically.
- Flag obfuscated JavaScript in objects.
- Process PDF encryption to view objects decrypted.
- Automatically extract and analyze embedded PDFs.
- View as hexview or raw in the browser, or download as a file (easily download Flash files, embedded TrueType fonts, shellcode, or JavaScript blocks for external analysis).
- Search database for PDF files with similar exploits.
- Batch ingest a single file or directory of PDFs from the command line.
- Receive regular PDF exploit signature updates.
- Extend the default functionality with your own scripts or signatures.
Usage
Quickly identify known exploits and obfuscated JavaScript of new threats.

View and extract decoded objects for further analysis.

View known exploits; some JavaScript obfuscation can be automatically unpacked.

Please contact us for ordering information.