If you use the peepdf tool as one of your weapons for analyzing malicious PDF documents, you might have come across an error related to importing the libemu Python wrapper module. The funny thing is that you can still hit this error even if you have installed libemu and the Python wrapper around it. The import error appears when we try to load a PDF document into the PPDF (peepdf) interactive command-line console. The error looks like this:
Error: pylibemu is not installed!!
It's a pretty straightforward error: the program couldn't import the pylibemu module. The reason is that in Python v2.7 the module gets a new name, i.e. just libemu, which is the root cause of this error. To fix the problem you only need to make a small code change to one Python file, i.e. “PDFConsole.py”. Once you open that source file you will encounter code like this:
    try:
        import pylibemu
        EMU_MODULE = True
    except:
        EMU_MODULE = False
You just need to change the module name there (since the module now goes by a different name) and you are all set to perform shellcode detection against your loaded PDF document. The modified code looks like this:
    try:
        import libemu
        EMU_MODULE = True
    except:
        EMU_MODULE = False
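Because the bare except in PDFConsole.py hides why the import failed, it helps to check which of the two module names the interpreter can actually import before editing the file. The diagnostic below is an added example, not peepdf code; the function names probe_emu_modules and first_importable are hypothetical.

```python
from __future__ import print_function  # keeps the script usable on Python 2.7 too

import importlib
import sys

# The two import names discussed in the post.
CANDIDATES = ("pylibemu", "libemu")


def probe_emu_modules(names=CANDIDATES):
    """Try each name; return {name: (ok, detail)}.

    detail is the module's file path on success, or the exception text on
    failure, which the bare `except:` in PDFConsole.py would otherwise hide.
    """
    results = {}
    for name in names:
        try:
            module = importlib.import_module(name)
        except Exception as exc:  # ImportError, or a loader error from a missing shared library
            results[name] = (False, "%s: %s" % (type(exc).__name__, exc))
        else:
            results[name] = (True, getattr(module, "__file__", "<built-in>"))
    return results


def first_importable(names=CANDIDATES):
    """Return the first name that imports cleanly, or None."""
    results = probe_emu_modules(names)
    for name in names:
        if results[name][0]:
            return name
    return None


if __name__ == "__main__":
    print("interpreter:", sys.executable)
    for name, (ok, detail) in sorted(probe_emu_modules().items()):
        print("%-9s %-7s %s" % (name, "OK" if ok else "FAILED", detail))
    print("usable import name:", first_importable())
```

Run it with the same Python interpreter that launches peepdf, since a module installed for a different interpreter will not be found.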