PDF Obfuscation : Using Hexadecimal in Defining Filter
Posted: November 29th, 2009 | Author: xanda | Filed under: IT Related | Tags: analyz3r, client side, exploit, filter, hex, pdf | No Comments »I was reading my RSS feed and suddenly I’ve found this PDF sample. We’ve found PDF-JS Obfuscation with this.info.title last week and this time comes another trick. Using hexadecimal in defining filter..
The following line was found in one of the stream
</Length 0000000/Filter/#41#53#43#49#49#38#35#44#65#63#6f#64#65>> |
once converted from hex to ascii, here is what i’ve found
</Length 0000000/Filter/ASCII85Decode>> |
Yeah.. nothing much, but yes the sample will be passed to Azizan for enhancement of Analyz3r