The document discusses how to detect if a PDF file contains malware. It mentions that PDFs can contain JavaScript that runs when opened, posing a security risk. It asks if there is a way to detect malware in a PDF file and remove it if found. The top response recommends uploading the PDF to Virustotal to check for known malware detections, but warns that this exposes the file publicly. It also suggests using the PDFid and AnalyzePDF tools on Linux to examine the file's contents for signs of JavaScript without opening it.

Uploaded by

lol

How to know if a .pdf contains malware?

I read somewhere that .pdf files can contain JavaScript files that run when opened.
There is a very good computer science book I wanted to read about computer
architecture, but of course it's $40 and I don't have that money at the moment. So
logically I search for a free PDF version, but remembering that fact, I am now scared
to open it. Is there any way to detect if the file contains malware, and then remove
it if so?

elit3rjmg

6 mo. ago
The amount of pirated PDFs I've opened 💀

OtomeView

6 mo. ago
Reading the comments makes me think I should do deep scans on my PC more often
cause I pirate PDFs on the daily lmao
lechauve911

6 mo. ago
my Calibre library has over 20000 pdfs of dubious origins

[deleted]

6 mo. ago
I'm reading through this thinking about my PHP and SQL Server pdfs I pirated for
school recently. Not to mention the countless other books I've pirated.

CentiTheAngryBacon

6 mo. ago
In your case you could probably get away with just uploading it to VirusTotal.com
to see if any AV engines have detected malware in it in the past. However, in
general this isn't always a good idea. Anything uploaded to VT becomes public. So
if this was something for work with sensitive information, maybe pricing data, or
employee PII, then it would be available for the whole world to read.

Just opening it is asking to get infected. Instead you can run PDFiD and AnalyzePDF
on a Linux machine to take a look at what's inside the PDF. PDFiD will check a file
and give you a list as output in a terminal of how many streams, endstreams,
objects, and things like that a file contains. It'll list out the number of
start and end tags for JavaScript it sees. This will allow you to do some very
simple enumeration of the contents. If it comes back as zeros for the start and
stop tags of JavaScript, then that's a good sign it doesn't contain any. However,
there are other tools that allow you to do a deeper dive to verify this. AnalyzePDF
uses a few other tools besides PDFiD to check the file. There are a few articles and
resources out there covering these tools if you are interested in diving deeper
into malware analysis and PDF files.

Ok_Tomato_7584

6 mo. ago
Don't even need a Linux machine. PDFiD and pdf-parser are Python based, so just get
Python installed and use them to analyse. Well documented for you.


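Added example, not part of the thread above and not PDFiD's own code: a Python version of the keyword-counting triage the PDFiD comment describes, scanning the raw bytes without opening or rendering the file. It goes beyond the comment by decoding `#xx` hex escapes in PDF names and by treating `/ObjStm` object streams as inconclusive; the keyword list, function names and sample inputs are assumptions constructed for the example.

```python
import re

# Names to count. This selection is an assumption made for the example.
KEYWORDS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch",
            "/EmbeddedFile", "/ObjStm")

# A PDF name is "/" followed by any bytes that are not whitespace or delimiters.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes, so /J#61vaScript is counted as /JavaScript."""
    decoded = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def count_keywords(data: bytes) -> dict:
    """Count keyword names in the raw bytes; nothing is parsed or rendered."""
    counts = dict.fromkeys(KEYWORDS, 0)
    for match in _NAME.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def triage(data: bytes) -> str:
    """Turn the counts into a coarse verdict for a first look at a file."""
    if b"%PDF-" not in data[:1024]:
        return "not-a-pdf"
    counts = count_keywords(data)
    if counts["/JS"] or counts["/JavaScript"]:
        return "script-keywords-present"
    if counts["/ObjStm"]:
        # Compressed object streams can hide names from a raw byte scan.
        return "inconclusive-object-streams"
    return "no-script-keywords"

# Constructed sample inputs (not real documents).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
OBFUSCATED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /S /J#61vaScript /#4AS (constructed) >>\nendobj\n%%EOF\n")
PACKED = b"%PDF-1.5\n1 0 obj\n<< /Type /ObjStm /N 1 /First 4 >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("obfuscated", OBFUSCATED), ("packed", PACKED)):
        print(label, triage(blob), count_keywords(blob))
```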