See Didier Stevens PDF Tools when examining a PDF file for malware. Avoid rendering a suspicious PDF file.
See his InfoSec Handlers Diary Blog “Encrypted PDFs” for decrypting PDFs.
Aggressive Virus Defense
Take measures
About Me
Russ Klanke, CISSP
Seattle
Contents
- Report Phishing
- Report SPAM (eMail)
- Ending unsolicited email (SPAM)
- Report SPAM (text message or SMS)
- Report Malicious URL
- Report Telemarketing Calls
- Report Product Safety Issues
- Opt Out Of Advertising Tracking Cookies
- Can You Trust That Web Site?
- Metawebsites
- My Server or Web Site Was Hacked?
- Can You Trust That File?
Introduction
- Cyber Security in the United States
- Eliminate Your Job
- Revisiting Layered Security
- Re-imagine Security
- Vulnerability, Threat, Risk, Exploit
- Don’t “Protect To the Regulation”
- Don’t Emphasize Security
- Awareness
- Data Loss Prevention
- Files In the Cloud
- Cloud Security
- Standard Practice, Best Practice, Due Diligence, Due Care
- Compliance and Guidance Links
- Incident
- Incident Response
- Addressing Vulnerabilities
- Vulnerability Remediation Measures (QualysGuard Focused)
- Web Application Firewall (WAF)
- Penetration Testing
- Log Files
- Log Parser
- Create a SQL Table of Known Good File Hash Values
- Framework
- Metrics & Benchmarks
- Security Awareness Training
- The Role Of the OSI Model
- Payment Card Industry Data Security Standard (PCI DSS)
- Lessons from the Heartland Data Breach
- Data On Your Not-So-Smart Phone
- 4G
- Mobile Device Security
- Do Cell Phones Get Viruses?
- Apple iPhone OS 3.0.1 SMS Vulnerability Debriefing
- DigiNotar Certificate Authority Breach
- SSL Vulnerability Debriefing
- HBGary Compromise Debriefing
- Web Application Two Factor Authentication (and Two Way)
- OWASP Top 10
- Web Application Testing
- Running RatProxy in a Windows and cygwin environment
- Web Application Development
- Checking Your Web Application
- SQL Server Security
- Gruyere Lessons On Secure Application Development
- Somewhat Widespread Web Hacking
- Java Script Added To Web Pages
- Information Gathering
- Reconnaissance, Scanning
- Password Cracking
- Fighting Back, Business Continuity, Government Actions
- New Hire Initial Assessment
- Busy Firewall Administrators Note
- Attacks
- Blocking Torrent and Instant Messenger Traffic
- Information Leakage Detection (regex)
- Your Web Browser Verifies You
- Your GPS Coordinates, Exposed
- How Did They Get My Personal Information?
- Is Anti-virus Reactive?
- Anti-virus Remains Important
- The Anti-Virus Guy
- Is Anti-Virus Dead?
- What’s different about this approach?
- Hidden Files
- Can You Clean a Virus?
- Web Browser Forensics
- Annoyed By Redirection Notifications?
- Basic Virus Defense
- Simple Malware Discovery Measures
- Code Packers and Malware Detection
- PDF Files
- RSA Security Attack Timeline
- DNS Client Settings
- Finding the DNS Setting Victims
- Finding hidden copies of mIRC
- Finding Suspicious Services
- Finding Suspicious Filenames
- Root Cause Inspection
- Fellow Malware Travelers
- Using Behavioral Analysis To Discover Undetected Malware
- Fighting Back, Business Continuity and Government Actions
- How Anti-Virus Vendors Could Improve Detection
- WordPress On the PopPressed Radar
- Semantic difficulty: Do Macs / Linux Get Windows Viruses?
- Remote Access To Mac
- Alternatives To Reimaging
- How To Disable Autorun.inf In Windows Vista
- Windows Command Line
- Windows Vista and Windows 7 Tweaks
- Network Cheatsheets
- Network Tools
- Network Tools For Windows Mobile
- Network Forensics Tools
- Administration and Security Using nmap
- Wireless
- Physical Security
- vssadmin vs. TrueCrypt
- Password Manager Tools
- Code 41
- WinPcap, Wireshark upgrade message
- ESET NOD32 Antivirus 4 “decompression could not complete” errors
- Malzilla error “The ordinal – LIBEAY32.dll”
- Microsoft Attack Surface Analyzer Error Message
- Disable Acrobat Javascript
- Disable Java Web Start
- Write Protect USB Drives
- Securing a USB Drive
- Update Your Secure USB Drive
- Firefox Configuration
- Metadata
- Metadata: Creating Confusion Out Of Clarity
- Digital Forensics Links
- Digital Forensics Articles Links
- eDiscovery and Keyword Searches
- Certificate Error DoD Civilian Job Applications
- Cyberspace Policy Review
- October is National Cybersecurity Awareness Month
- Internet Explorer or Firefox?
- The C-Level Virus
- Rant: Terminology, Semantics, Pedantic Rant
Use this link to do your shopping on Amazon.com and AggressiveVirusDefense benefits from your purchases! Thank you to whomever has been using this unobtrusive link.- Report Phishing
Pages
Travel
- Airline Fees SmarterTravels’s compiled list of airline fees
Meta
Aggressive Virus Defense 
I haven’t tested virustotal.com’s pdf info section; but, wonder if it’s now doing much of what Steven’s pdf parser does; it does show some of the output that the Steven’s parser shows.
Example: http://www.virustotal.com/#/file/92b1632dbf817e50a04552e355ede7bff13d61ed836cf30175d865221af138af/details > PDF Info section