Title: Online binary visualization for Pdf documents
Authors: Soon Heng Tan Mavric, C. Yeo
DOI: 10.1109/ISCE.2018.8408906 (https://doi.org/10.1109/ISCE.2018.8408906)
Venue: 2018 International Symposium on Consumer Technologies (ISCT), volume 28 1
Publication date: 2018-05-01
Publication type: Journal Article
Open access: no
Citation count: 3
Platform: Semanticscholar
Abstract
In this paper, we develop a visualization tool which will facilitate malware reverse engineering to understand characteristics of Portable Document Format (PDF) malware. This tool is useful as it is an online tool, which renders it fully accessible regardless of user device (e.g. desktops, tablets, smartphones, etc.). Malware authors typically embed malicious code into PDF documents which executes JavaScript exploiting a vulnerability within the Adobe Reader JavaScript parser. This can then allow shellcode to be placed into the memory of a computer to run arbitrary code. By translating PDF binary information into higher-level diagrams and images, potential visual signs which differentiate between malicious and legitimate PDF documents can be observed. The proposed online binary visualization tool maps bytes in a file to pixels of assorted colors that somewhat resemble a 2D pixelated heat map. By mapping different schemes of assorted colors, we can identify JavaScript and shellcode in a PDF document, which can then raise a red flag for the human analyst.