While analyzing a recent pdf sample exploiting the TIFF vuln it used a known technique to obfuscate it’s content: it appends a pdf to the first one after a bunch of of “garbage” (that contains the dropped executables) %PDF-1.6 … %%EOF [GARBAGE] %PDF-1.6 … %%EOF I tried to run my extractor on the sample to [...]