this post was submitted on 16 Jan 2025
25 points (100.0% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
1455 readers
36 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
 |
 |
|---|---|
| Ko-fi | Liberapay |
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I think these tabs are meant for experts who know how to interpret a full log. Seems to me like Virostotal uses Acrobat Reader or something to open the files. I'm not an expert on what Acrobat is supposed to do once it runs. Sure, it's going to do some system calls as every software does. And there is something with internet URLs. Could be some phishink link detection or URL prefetching, that is either part of Acrobat or Virustotal? And Acrobat Reader seems to be calling home to check for updates. That triggers the "low" IDS rule. Everything else is pretty much "NOT FOUND" or "INFO" and tells the story of how Acrobat Reader operates. None of it is flagged or indicated in red text.
I'd treat those PDFs like any other one. Don't just click on any random link in them, and if the PDF contains a form, don't enter your private details and submit them unless you've verified where that form sends them to. But I doubt that's happening here.