Releasing malpdfobj (malicious PDF described in a JSON object)
About a month ago I posted a blog entry describing research I was doing on malicious PDF files. As part of this research I needed a way to represent a malicious PDF file in a queryable form. I ultimately decided on MongoDB as my backend and therefore wanted to get each malicious file into JSON form so I could store it.
The tool I just released today is a composite of tools from myself and Didier Stevens. Didier's PDF tools have done a lot of the heavy lifting, but my glue code brings multiple pieces of data into a single object. As of right now the object contains the following details:

- structure: all names used in the file, entropy, header, date, etc.
- hashes: a hash of the whole file and a hash of every object
- scans: Wepawet and VirusTotal results
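As an added example (not malpdfobj's own code and not Didier Stevens' PDF tools), the following stand-alone Python script builds the same kind of JSON object from a constructed, benign sample PDF: the header, a census of the names the file uses, Shannon entropy, and hashes of the whole file and of every object. The scan section is left as null placeholders because the Wepawet and VirusTotal lookups need network access and API keys; the object parser is a deliberately simple regex rather than a real PDF lexer, and the list of names it flags as suspicious is my own choice, not the tool's.

```python
import hashlib
import json
import math
import re
from collections import Counter

# Constructed, benign sample PDF (not a real malicious file). One object carries
# /OpenAction and /JavaScript so the name census has something worth flagging.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /S /JavaScript /JS (app.alert('hello');) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# "N G obj ... endobj" blocks and "/Name" tokens. Plain regexes, not a PDF lexer:
# good enough here, but blind to objects hidden inside compressed object streams.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
NAME_RE = re.compile(rb"/([A-Za-z0-9#_.\-]+)")

# Names worth a second look in triage (assumed list, not malpdfobj's).
SUSPICIOUS_NAMES = {"JavaScript", "JS", "OpenAction", "AA", "Launch",
                    "JBIG2Decode", "RichMedia"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for compressed or encrypted streams, low for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def name_census(data: bytes) -> dict:
    """Count every /Name token, the way a pdfid-style keyword scan does."""
    return dict(Counter(n.decode("latin-1") for n in NAME_RE.findall(data)))


def pdf_to_obj(data: bytes) -> dict:
    """Describe a PDF as a dict; json.dumps() turns it into a MongoDB-ready document."""
    objects = []
    for m in OBJ_RE.finditer(data):
        body = m.group(3)
        objects.append({
            "id": int(m.group(1)),
            "gen": int(m.group(2)),
            "hashes": hashes(body),
            "entropy": round(shannon_entropy(body), 3),
            "names": name_census(body),
        })
    names = name_census(data)
    return {
        "structure": {
            "header": data.split(b"\n", 1)[0].decode("latin-1"),
            "size": len(data),
            "entropy": round(shannon_entropy(data), 3),
            "object_count": len(objects),
            "names": names,
            "suspicious": sorted(n for n in names if n in SUSPICIOUS_NAMES),
        },
        "hashes": {
            "file": hashes(data),
            "objects": {str(o["id"]): o["hashes"] for o in objects},
        },
        "objects": objects,
        # Filled in by a separate submit/lookup step in a real pipeline; left
        # null here so the example runs offline.
        "scans": {"wepawet": None, "virustotal": None},
    }


if __name__ == "__main__":
    print(json.dumps(pdf_to_obj(SAMPLE_PDF), indent=2))
```

Hashing each object separately is what makes the store useful across samples: the same obfuscated JavaScript object reused in many different PDFs shows up as one repeated object hash even when every file hash is unique.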
I plan on adding more to the tool itself, but wanted to release it right now because I think the community could benefit from it or assist in its development. If you are interested in reading more or want to download the tool then please see: