PDF Dissector

zynamics PDF Dissector is the leading tool for PDF malware analysis

PDF Dissector is a GUI-based PDF malware analysis tool that was specifically built to assist PDF malware analysts.

To achieve this, PDF Dissector bundles everything malware analysts need for PDF malware analysis into a single tool. PDF Dissector has a PDF file format parser that was specifically built to detect malicious PDF files. It provides ways to quickly search through the elements of PDF files. It has a built-in JavaScript interpreter to execute malicious scripts and it has an Adobe Reader emulator to make sure that all features of malicious scripts are correctly executed.

The plugin architecture of PDF Dissector makes it possible to customize and automize PDF Dissector with plugins and scripts written in Java, Python, or Ruby.

Please note that there are no current plans to resume sales for zynamics PDF Dissector.
Use Cases
  • Understand the structure of malicious PDF files
  • Let PDF Dissector report known vulnerabilities in PDF files
  • Make use of refactoring functionality to understand obfuscated JavaScript code
  • Use the built-in JavaScript interpreter to debug malicious JavaScript code
  • Use and extend the built-in Adobe Reader emulator to simulate the execution environment expected by PDF malware
  • Dump PDF exploit shellcode to a file for further analysis with IDA Pro
  • Write scripts and plugins to extend PDF Dissector to meet your specific goals

To learn more about the features and use cases of PDF Dissector please take a look at the PDF Dissector manual.

Analyzing a PDF file with PDF Dissector

Screenshot 1: Analyzing a PDF file with PDF Dissector

Debugging malicious JavaScript code with PDF Dissector

Screenshot 2: Debugging malicious JavaScript code with PDF Dissector

Inspecting the shellcode of a malicious PDF file

Screenshot 3: Inspecting shellcode of a malicious PDF file

Two Flash videos are available to demonstrate the workflow with PDF Dissector. The first video shows how PDF Dissector can be used to analyze a malicious PDF file. On the way, the most important features of PDF Dissector are introduced and explained. The second video shows how powerful and time-saving PDF Dissector is when analyzing heavily obfuscated malicious JavaScript code that is commonly found inside malicious PDF files.