So this is how I check if a PDF contains malware. So I’ll come over to my Kali Linux virtual machine, I’ll go to a tool called PDF ID, followed by my file, hit enter. This is going to show me the structure of the PDF file itself. What I’m looking out for mostly is open action with a 1 next to it. This means when the file is opened, something is automatically run. And I’m also looking out for A 1 next to Javascript, because if a PDF contains Javascript, this is very suspicious and likely is malware. Now if you want more malware analysis videos like this, make sure you follow us for more!