On some rare occasions, when Xavier Mertens teaches “FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques”, he will DM me during class with a very specific question from a student.
The last time this happened was at the end of June 2022.
A student wanted to know if it was possible to have statistics for the /Annots keyword with pdf-parser.py.
When you run pdf-parser with option -a, you get statistics for the PDF file under analysis. Example:
Statistics for keyword /Annots are not included.
But you can add them, just by editing file pdfid.ini. Like this:
And then run pdf-parser again:
pdfid.ini has to be located in the same folder as my pdf tools pdfid.py and pdf-parser.py (on my machines, they are in a bin folder).
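The following is an added sketch, not code from pdfid.py or pdf-parser.py, of what an extra keyword entry amounts to: read the keyword list from an ini file and count matching PDF names, including hex-escaped spellings such as /#41nnots. The `[keywords]` section layout, the function names and the sample data are assumptions made for this example.

```python
import configparser
import re

# Constructed sample: assumed layout of pdfid.ini (one keyword per line).
SAMPLE_INI = "[keywords]\n/Annots\n"

# Constructed sample: a fragment of PDF objects, not a complete valid file.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Page /Annots [2 0 R 3 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /Type /Page /#41nnots [5 0 R] >>\nendobj\n"
    b"6 0 obj\n<< /Type /Page /AnnotsExtra 1 >>\nendobj\n"
)

# A PDF name is "/" followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def load_extra_keywords(ini_text):
    """Return the keywords listed under [keywords], preserving case."""
    parser = configparser.ConfigParser(allow_no_value=True)
    parser.optionxform = str  # default would lowercase "/Annots"
    parser.read_string(ini_text)
    if not parser.has_section("keywords"):
        return []
    return parser.options("keywords")


def normalize_name(raw):
    """Decode #xx escapes so /#41nnots compares equal to /Annots."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def count_keywords(pdf_bytes, keywords):
    """Count exact name matches in the raw bytes (streams are not decoded)."""
    counts = {keyword: 0 for keyword in keywords}
    for match in NAME_RE.finditer(pdf_bytes):
        name = normalize_name(match.group(0)).decode("latin-1")
        if name in counts:
            counts[name] += 1
    return counts


if __name__ == "__main__":
    extra = load_extra_keywords(SAMPLE_INI)
    for keyword, count in count_keywords(SAMPLE_PDF, extra).items():
        print(f"{keyword}: {count}")
```

Names are matched whole, so /AnnotsExtra in the sample is not counted as /Annots.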
pdfid.py uses pdfid.ini too:
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.