Kandji Blog

Another PDF Viewer - Is It Malicious?

For security researchers, sometimes spending time reversing a potential suspicious file does not result in it being malicious. There is always something to learn from these efforts, and sometimes they can result in an interesting story even if it does not result in malware. I considered not writing this up but decided (with some help from friends) to release this as an article that details the process of trying to determine if something is malicious. This is one such story that details a PDF that requires a specific PDF viewer application in order to open and extract an encrypted embedded PDF to display to the user, definitely a little strange…