Is VirusTotal integration included?

The skill utilizes the peepdf vtcheck functionality to cross-reference file hashes against various antivirus engines.

Does it support JavaScript deobfuscation?

Yes, it provides a structured workflow for extracting and analyzing embedded JavaScript to uncover hidden shellcode or exploit code.

What tools are required for this skill?

You need Python 3.8+, peepdf-3, and the Didier Stevens suite (pdfid.py and pdf-parser.py) installed in your environment.

Can this skill safely analyze live malware?

Yes, it focuses on static analysis; however, for safety, analysis should always be performed in an isolated virtual machine or sandbox environment.

How does it help with incident response?

It automates the extraction of IOCs such as URLs, domains, and hashes, which can be directly used to update blocklists and security filters.

Malicious PDF Malware Analysis

Name: Malicious PDF Malware Analysis
Author: micsapp

bymicsapp

0•

Seguridad y Pruebas

Performs in-depth static analysis of suspicious PDF documents to identify and extract embedded malware, scripts, and exploits.

This skill empowers security analysts and developers to safely triage and examine suspicious PDF files using industry-standard tools like peepdf, pdfid, and pdf-parser. It automates the detection of malicious indicators such as obfuscated JavaScript, shellcode, and hidden object streams, facilitating a rapid Digital Forensics and Incident Response (DFIR) workflow. By providing structured guidance on deobfuscation and IOC generation, it helps users understand the internal structure of weaponized documents and assess their risk level without execution.

Características Principales

01Structured reporting of Indicators of Compromise (IOCs) and risk levels

02Automated triage using keyword scanning for suspicious PDF elements

03Cross-referencing file hashes with VirusTotal for threat intelligence

04Extraction of embedded JavaScript and hidden file attachments

05Identification of auto-executing actions and malicious object streams

060 GitHub stars

Casos de Uso

01Reverse-engineering PDF-based exploits to build custom detection signatures

02Performing forensic analysis on weaponized PDF artifacts during a breach investigation

03Analyzing suspicious email attachments reported in corporate environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills analyzing-malicious-pdf-with-peepdf

For use in Claude.ai and ChatGPT

Características Principales

01Structured reporting of Indicators of Compromise (IOCs) and risk levels

02Automated triage using keyword scanning for suspicious PDF elements

03Cross-referencing file hashes with VirusTotal for threat intelligence

04Extraction of embedded JavaScript and hidden file attachments

05Identification of auto-executing actions and malicious object streams

060 GitHub stars

Casos de Uso

01Reverse-engineering PDF-based exploits to build custom detection signatures

02Performing forensic analysis on weaponized PDF artifacts during a breach investigation

03Analyzing suspicious email attachments reported in corporate environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills analyzing-malicious-pdf-with-peepdf

For use in Claude.ai and ChatGPT