I produced videos showing how I created my “Test File: PDF With Embedded DOC Dropping EICAR” and how to change the settings in Adobe Reader to mitigate this.
Monday 21 September 2015
2 Comments »
RSS feed for comments on this post. TrackBack URI
Didier Stevens
Pages
- About
- Didier Stevens Suite
- Links
- My Python Templates
- My Software
- Professional
- Programs
- Ariad
- Authenticode Tools
- Binary Tools
- CASToggle
- Cobalt Strike Tools
- Disitool
- EICARgen
- ExtractScripts
- FileGen
- FileScanner
- HeapLocker
- Network Appliance Forensic Toolkit
- Nokia Time Lapse Photography
- oledump.py
- OllyStepNSearch
- PDF Tools
- Shellcode
- SpiderMonkey
- Translate
- USBVirusScan
- UserAssist
- VirusTotal Tools
- XORSearch & XORStrings
- YARA Rules
- ZIPEncryptFTP
- Public Drafts
- Screencasts & Videos
Top Posts
Categories
- .NET
- 010 Editor
- Announcement
- Arduino
- Bash Bunny
- Beta
- bpmtk
- Certification
- Didier Stevens Labs
- Eee PC
- Elec
- Encryption
- Entertainment
- Fellow Bloggers
- Forensics
- Hacking
- Hardware
- maldoc
- Malware
- My Software
- N800
- Networking
- Nonsense
- nslu2
- OSX
- Personal
- Physical Security
- Poll
- Puzzle
- Quickpost
- Release
- Reverse Engineering
- RFID
- Shellcode
- smart card
- Spam
- technology
- UltraEdit
- Uncategorized
- Update
- video
- Vulnerabilities
- WiFi
- Windows 7
- Windows 8
- Windows Vista
- Wireshark
-
Blog Stats
- 7,300,644 hits
Twitter @DidierStevens
- RT @0xThiebaut: @sans_isc And some #YARA rules to detect #aCropalypse PNG images 👉🏽 github.com/0xThiebaut/Sig… https://t.co/q02k7mo1N4 2 days ago
- 2 weeks ago I flew to Lapland with all my @NVISOsecurity colleagues for our annual offsite, this time to be held in… twitter.com/i/web/status/1… 1 week ago
- My #nviso peeps :-) #offsite #lapland @NVISOsecurity https://t.co/rE6up6xOZZ 2 weeks ago
- RT @sans_isc: YARA: Detect The Unexpected ... i5c.us/d29598 https://t.co/c9UNxC7l2m 3 weeks ago
- RT @DhaeyerWolf: Amazing post by @DidierStevens. If you’re new to creating YARA rules, this is a perfect example of how versatile they are… 3 weeks ago
Archives
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
Didier Stevens 
Nice Tutorial and great work!!! 🙂
I just Installed the latest Phyton 3-Version and tried to use your script, but as a Result a 1kb not readable PDF will be created.
That is the complete Output:
C:\exploit>make-pdf-embedded.py -a -s Anschreiben.doc a.pdf
Traceback (most recent call last):
File “C:\exploit\make-pdf-embedded.py”, line 117, in
Main()
File “C:\exploit\make-pdf-embedded.py”, line 114, in Main
CreatePDFWithEmbeddedFile(pdfFileName, embeddedFileName, embeddedFileContent, options.filters, options.nobinary, options.autoopen, options.button, options.stego, options.message)
File “C:\exploit\make-pdf-embedded.py”, line 80, in CreatePDFWithEmbeddedFile
oPDF.stream2(8, 0, embeddedFileContent, ‘/Type /EmbeddedFile’, filters)
File “C:\exploit\mPDF.py”, line 156, in stream2
self.appendBinary(encodeddata)
File “C:\exploit\mPDF.py”, line 55, in appendBinary
fPDF.write(bytes(str, ‘ascii’))
TypeError: encoding or errors without a string argument
Any suggestions?
Thanks!
Comment by Martin — Tuesday 15 December 2015 @ 12:01
Take a look at this post: https://blog.didierstevens.com/2015/07/20/if-you-have-a-problem-running-my-tools/
Comment by Didier Stevens — Tuesday 15 December 2015 @ 14:53