Gallus by M圜ERT is an on-line scanner for PDF files, which is able to identify common exploits. (However, it did not flag the PDF file I uploaded as malicious.) Like Jsunpack, its strength is in examining JavaScript for shellcode and suspicious actions. Wepawet by UCSB Computer Security Lab is an automated tool for identifying malicious client-side components in the form of PDF, Flash and JavaScript elements. (The example I uploaded used Flash, rather than PDF, so Jsunpack didn’t locate malicious artifacts in this case.) It can also examine PDF files for malicious JavaScript artifacts.
Its features also include carving contents of network packet capture (PCAP) files and identifying common client-side exploits. Jsunpack by Blake Hartstein is designed for automatically examining and deobfuscating JavaScript.
In this way, it differs from Jsunpack and Wepawet, which focus on automating the analysis as much as possible.
This tools lends itself well to manual PDF analysis tasks. PDF Examiner by Malware Tracker is able to scan the uploaded PDF for sveral known expoits, allows the user to explore the structure of the file, as well as examine, decode and dump PDF object contents. The list includes PDF Examiner, Jsunpack, Wepawet and Gallus. These online tools automate the scanning of PDF files to identify malicious components. There are also several handy web-based tools you can use for analyzing suspicious PDFs without having to install any tools. In an earlier post I outlined 6 free local tools for examining PDF files.