PDF Dissector 1.6.0 released

Today we are releasing a new version of our PDF malware analysis tool PDF Dissector. This release fixes two PDF parsing bugs reported by our customers. The first bug led to problems when PDF files were using unexpected null-bytes in the PDF file. The second parsing bug led to problems with unexpected PDF comments.

Especially that second parsing bug was very interesting. A customer sent us a PDF malware file that strategically placed PDF comment strings everywhere to confuse PDF parsers. To be able to analyze this file manually, it was also necessary to add a new feature to PDF Dissector. It is now possible to hide PDF comment strings from the PDF browsing tree. Just take a look at the two screenshots below to see why this is really useful.

Obfuscated PDF file without comment string hiding

Obfuscated PDF file with comment string hiding

To learn more about PDF Dissector, please visit the product site or the PDF Dissector manual.

3 Responses to “PDF Dissector 1.6.0 released”

  1. Marcelo says:

    Good job!
    Qestion: A month ago I purchased a 1-year PDF disector license. Am I entitled to download and activate the v.16 for the remaining 11 months?

  2. gchunxia says:

    Very Good job!
    I want a PDF Dissector 1.6.0 released.Can you sent me?