Question: How to view JS code embedded in a PDF file?

Tx00

New Member
Thread author
Dec 3, 2024
11
Hi all,
I received a Gmail containing a PDF. I scanned it with Malwarebytes Premium, Bitdefender free version (last updated), VirusTotal, and several other sites like Scan Maldoc and Jotti's malware scan, and none of them showed any abnormal results.

However, when I scanned it through Filescan.IO - Next-Gen Malware Analysis Platform, it showed a green square and No Threat. Despite this, one thing still concerns me: it shows /JS : 1. How much should I worry about that? What could I do? How could I see any embedded code?
[Attachments: PDF1.png, pdf2.png, pdf3.png, Pdf4.png, PDF5.png, pdf6.png]
 

Bot

AI-powered Bot
Apr 21, 2016
4,533
The "/JS: 1" simply means there is one JavaScript embedded in the PDF. This isn't necessarily malicious, as JavaScript can be used for legitimate purposes in PDFs, such as form validation or interactive content. However, it can also be used for malicious purposes.

To view the embedded JavaScript, you can use a tool like Didier Stevens' pdf-parser. It's a Python script that can help you analyze the contents of a PDF. Be careful when dealing with potentially malicious files, and always perform such analysis in a safe environment, like a virtual machine.
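
Added example, not part of the thread and not pdf-parser's own code: a minimal static extractor showing what a "/JS: 1" count refers to, pulling the script text out of the PDF's objects without opening the file in a viewer or executing anything. `SAMPLE` is a constructed PDF fragment, and all function names are this example's own.

```python
import re
import zlib

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)
JS_RE = re.compile(rb"/JS\s*(?:\(|(\d+)\s+\d+\s+R)")

def read_literal(buf, i):
    """Read a PDF literal string starting just after '('; escapes stay undecoded."""
    depth, start = 1, i
    while i < len(buf) and depth:
        if buf[i:i + 1] == b"\\":
            i += 1  # skip the escaped byte so \( and \) do not change depth
        else:
            depth += (buf[i:i + 1] == b"(") - (buf[i:i + 1] == b")")
        i += 1
    return buf[start:i - 1] if depth == 0 else buf[start:]

def stream_data(body):
    """Return an object's stream bytes, inflated when /FlateDecode is declared."""
    m = STREAM_RE.search(body)
    if not m:
        return None
    inflate = b"/FlateDecode" in body[:m.start()]
    return zlib.decompressobj().decompress(m.group(1)) if inflate else m.group(1)

def extract_js(pdf):
    """Return [(object number, script text)] for each /JS entry; nothing is executed."""
    objs = {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(pdf)}
    found = []
    for num, body in sorted(objs.items()):
        for m in JS_RE.finditer(body):
            if m.group(1) is None:   # /JS (inline literal string)
                script = read_literal(body, m.end())
            else:                    # /JS n 0 R (indirect reference to a stream)
                script = stream_data(objs.get(int(m.group(1)), b""))
            if script is not None:
                found.append((num, script.decode("latin-1")))
    return found

# Constructed fragment (not a complete PDF): one inline /JS and one /JS held in a Flate stream.
_Z = zlib.compress(b"console.println('stream script');")
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /JavaScript /JS (app.alert('inline script');) >>\nendobj\n"
          b"3 0 obj\n<< /S /JavaScript /JS 4 0 R >>\nendobj\n"
          b"4 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + _Z + b"\nendstream\nendobj\n")
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `extract_js`. This sketch does not handle hex strings, object streams (/ObjStm), other stream filters or hex-escaped names, so an empty result from it is not proof that a file has no script.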
 

Tx00

New Member
Thread author
Dec 3, 2024
11
> The "/JS: 1" simply means there is one JavaScript embedded in the PDF. This isn't necessarily malicious, as JavaScript can be used for legitimate purposes in PDFs, such as form validation or interactive content. However, it can also be used for malicious purposes.
>
> To view the embedded JavaScript, you can use a tool like Didier Stevens' pdf-parser. It's a Python script that can help you analyze the contents of a PDF. Be careful when dealing with potentially malicious files, and always perform such analysis in a safe environment, like a virtual machine.

Hi, thanks for your response.
I do not know much about Linux.
Are there any online tools or Windows-based tools I could use to do the same task?
What could I do now? I opened this PDF. Did the images show anything wrong other than 1 JS code embedded?
Is it possible to use pdf-parser with Mint Linux?
 

Bot

AI-powered Bot
Apr 21, 2016
4,533
> Hi, thanks for your response.
> I do not know much about Linux.
> Are there any online tools or Windows-based tools I could use to do the same task?
> What could I do now? I opened this PDF. Did the images show anything wrong other than 1 JS code embedded?
> Is it possible to use pdf-parser with Mint Linux?

Yes, you can use pdf-parser on Mint Linux as it is a Python script and Python is cross-platform. If you prefer a Windows tool, you can use a tool like Peepdf. It's a Python tool to explore PDF files in order to find out if the file can be harmful or not.

If you've already opened the PDF and you're worried, run a full system scan with your antivirus software. If it comes up clean, you're likely fine. If it detects something, follow the recommended steps to clean your system.

Remember, just because a PDF has JavaScript, it doesn't mean it's malicious. It's just a feature that can be exploited, but is often used for legitimate purposes.
 

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,165
Hello, I don't understand, why all the hand wringing to look at the JS code? Why not just trash the PDF and move on? Is it from your boss, your mom that at this point you can just trust it? Was it in a spam email and should have been deleted anyway?

Or did you already open it and are concerned it may have included malware, which with all the steps you've taken doesn't sound like that's the case.
 

Tx00

New Member
Thread author
Dec 3, 2024
11
Hi Jonny, and thanks for your response.
I worry too much, and since this morning I have felt bad.
Sorry, have you seen my attached images from both VirusTotal and filescan[.]io?

> Hello, I don't understand, why all the hand wringing to look at the JS code? Why not just trash the PDF and move on? Is it from your boss, your mom that at this point you can just trust it? Was it in a spam email and should have been deleted anyway?

I downloaded it from a friend and yes, I opened it.

> Or did you already open it and are concerned it may have included malware, which with all the steps you've taken doesn't sound like that's the case.

Yes, exactly, you are correct; I am concerned about malware.
May I ask you to please give your opinion about my images? While it shows no threat (in VirusTotal) and No verdict (in Filescan), further forensics is recommended and the sandbox results show something. Should I proceed with pdf-parser? (I do not know Linux.)
 

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,165
> Hi Jonny, and thanks for your response.
> I worry too much, and since this morning I have felt bad.
> Sorry, have you seen my attached images from both VirusTotal and filescan[.]io?
>
> I downloaded it from a friend and yes, I opened it.
>
> Yes, exactly, you are correct; I am concerned about malware.
> May I ask you to please give your opinion about my images? While it shows no threat (in VirusTotal) and No verdict (in Filescan), further forensics is recommended and the sandbox results show something. Should I proceed with pdf-parser? (I do not know Linux.)

If you are on Linux, I can't help you there, but if you're on Windows, I'd also run NPE (Norton Power Eraser) and KVRT (Kaspersky Virus Removal Tool; download and run it from a VPN if you're in the US). If those come up clean, as well as the tools you've already used, I would be at peace with it, and maybe once in a while check on the processes running in Task Manager and Process Explorer.

Anything more than that, an advanced member here would have to help you, as it would be beyond me.
 

lokamoka820

Level 24
Mar 1, 2024
1,357
Firstly, when I was using PDF viewers in the past, I would either use one that doesn't have JS enabled or disable it in the settings for security reasons.

Secondly, if you are on Linux you are mostly safe; malware is mostly designed to attack Windows systems, and the code will be different from the code to attack Linux systems.

Finally, you can use KVRT on Linux to scan your system, as @Jonny Quest mentioned, to be more sure about your system's security situation.
 

lokamoka820

Level 24
Mar 1, 2024
1,357
To disable JavaScript in Adobe Acrobat Reader:
  1. Under the Edit Menu, choose Preferences
  2. Click JavaScript
  3. In the window that opens, uncheck Enable Acrobat JavaScript
  4. Click OK and you’re done
Alternative! You can also fix the security hole by completely uninstalling Adobe Reader and using an alternative—something like Sumatra PDF, my personal favorite lightweight PDF reader.
 

Tx00

New Member
Thread author
Dec 3, 2024
11
> To disable JavaScript in Adobe Acrobat Reader:
>   1. Under the Edit Menu, choose Preferences
>   2. Click JavaScript
>   3. In the window that opens, uncheck Enable Acrobat JavaScript
>   4. Click OK and you’re done
> Alternative! You can also fix the security hole by completely uninstalling Adobe Reader and using an alternative—something like Sumatra PDF, my personal favorite lightweight PDF reader.

Thanks a lot
 
