According to a Kaspersky Lab article, SEO Sploit Pack is one of the exploit kits that appeared in the first months of the year, with PDF and Java vulnerabilities being the most used in these types of kits. That's the reason why I've chosen to analyse a malicious PDF file downloaded from a SEO Sploit Pack. The PDF file kissasszod.pdf was downloaded from hxxp://marinada3.com/88/eatavayinquisitive.php and it had a low detection rate. So taking a look at the file with peepdf we can see this information:
At a quick look we can see that there is JavaScript code in object 8 and that the element /AcroForm is probably used to execute something when the document is opened. The next step is to explore these objects and find out what will be executed:
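
The first-pass triage described above (which objects carry JavaScript or /AcroForm) can be reproduced with a few lines of Python. This is an added example, not part of the original post and not peepdf's code; the `SUSPICIOUS` list, the function names and the `SAMPLE` document are assumptions built for illustration and do not reproduce the layout of kissasszod.pdf.

```python
import re

# Name keys that commonly mark active content in a PDF (list chosen for this example).
SUSPICIOUS = ("/JS", "/JavaScript", "/AcroForm", "/OpenAction", "/AA", "/XFA")

# "N G obj ... endobj" for indirect objects; names end at PDF delimiter characters.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
NAME_RE = re.compile(rb"/[^\s/<>\[\](){}%]+")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, so /J#61vaScript is read as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage(pdf: bytes) -> dict:
    """Map each suspicious name to the sorted object numbers that use it."""
    hits = {}
    for m in OBJ_RE.finditer(pdf):
        obj_id = int(m.group(1))
        # Inspect only the dictionary part; stream data may be compressed.
        body = m.group(3).split(b"stream", 1)[0]
        for raw in NAME_RE.findall(body):
            name = decode_name(raw)
            if name in SUSPICIOUS:
                hits.setdefault(name, set()).add(obj_id)
    return {k: sorted(v) for k, v in hits.items()}

# Constructed sample: a catalog with /AcroForm and a JavaScript action in object 8,
# with one name hex-escaped the way obfuscated documents often do.
SAMPLE = b"""%PDF-1.5
1 0 obj
<< /Type /Catalog /Pages 2 0 R /AcroForm 5 0 R >>
endobj
8 0 obj
<< /S /J#61vaScript /JS (var x = 1;) >>
endobj
"""

if __name__ == "__main__":
    for name, objs in triage(SAMPLE).items():
        print(f"{name:12} objects {objs}")
```

Names hidden inside compressed object streams are not seen by this scan, so a clean result here does not clear a file; the streams still need to be decoded and searched.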