In the past few days I have come across a couple of malware samples used in targeted attacks asking me for a password. This sort of tactic is generally done through a spearphishing message where the document is attached and the password is contained within the body. For those handling the incident with the full attack chain, this is no problem, but when you don’t have it, what then?
As for the PDF document, I was fortunately able to guess the password due to its simple nature, but even so, I put it into the recovery program and got an answer back in a few seconds.
The tactic of putting a password on a document may seem dumb or trivial, but it ends up being a real pain when you are left with nothing more than a malicious file and you are expected to somehow analyze it. Having not used the Elcomsoft tool for that long, I can’t say it is perfect, but at the end of the day no solution is. The software got the job done and saved me a lot of time. I entered the passwords for each document and was happy to see a crash right before my machine was exploited. 🙂