Our evaluation shows that regardless of obfuscation techniques, MPScan can effectively de-obfuscate and detect 98% malicious PDF samples.", We also perform a multilevel analysis on the resulting JavaScript strings and op-code to detect malware.
Malicious pdf sample code#
By hooking the Adobe Reader's native JavaScript engine, JavaScript source code and op-code can be extracted on the fly after the source code is parsed and then executed. Therefore, in this paper, we present MPScan, a scanner that combines dynamic JavaScript de-obfuscation and static malware detection.
However, existing static methods cannot de-obfuscate JavaScript codes, existing dynamic methods bring high overhead, and existing hybrid methods introduce high false negatives. To detect malicious PDF files, the first step is to extract and de-obfuscate JavaScript codes from the document, for which an effective technique is yet to be created.
Malicious pdf sample portable#
Our evaluation shows that regardless of obfuscation techniques, MPScan can effectively de-obfuscate and detect 98% malicious PDF samples.Ībstract = "Due to its high popularity and rich functionalities, the Portable Document Format (PDF) has become a major vector for malware propagation.
Due to its high popularity and rich functionalities, the Portable Document Format (PDF) has become a major vector for malware propagation.
0 kommentar(er)
