Great post from research.zscaler.com
It explains how to analyze a PDF that contains malicious code. The analysis proceeds in the following steps:
- Decode the shellcode to obtain a valid executable binary.
- Use a debugger (OllyDbg) to analyze the binary. The analyst extracts the XORed code from the binary.
- Use a debugger again to analyze the extracted code. The extracted code contacts a website to download the second stage and infect the host computer.
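
The XOR extraction step can also be approached statically. The sketch below is an added example, not code from the Zscaler post: it assumes a single-byte XOR key and that the encoded payload is a PE file (the post summary states neither), and the function names and sample bytes are constructed for illustration.

```python
import struct

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (assumed scheme, not from the post)."""
    return bytes(b ^ key for b in data)

def looks_like_pe(buf: bytes) -> bool:
    """Check the DOS header: 'MZ' magic, then e_lfanew at 0x3C pointing to 'PE\\0\\0'."""
    if buf[:2] != b"MZ" or len(buf) < 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    return e_lfanew < 0x1000 and buf[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_xored_pe(blob: bytes):
    """Return [(key, offset)] for every single-byte-XOR-encoded PE header in blob.

    Key 0 means the header is present unencoded.
    """
    hits = []
    for key in range(256):
        magic = xor_bytes(b"MZ", key)      # what 'MZ' looks like under this key
        start = blob.find(magic)
        while start != -1:
            # Decode only a window large enough to validate both headers.
            window = xor_bytes(blob[start:start + 0x1004], key)
            if looks_like_pe(window):
                hits.append((key, start))
            start = blob.find(magic, start + 1)
    return hits

def build_sample(key: int = 0x5A) -> bytes:
    """Constructed test input: a minimal fake PE header, XORed, inside filler bytes."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> 0x40
    hdr[0x40:0x44] = b"PE\x00\x00"
    filler = bytes(range(32))                 # stand-in for the surrounding binary
    return filler + xor_bytes(bytes(hdr), key) + filler

if __name__ == "__main__":
    for key, offset in find_xored_pe(build_sample()):
        print(f"candidate PE at offset {offset:#x}, XOR key {key:#04x}")
```

Validating the `e_lfanew` pointer as well as the `MZ` magic keeps the two-byte match from producing false positives on arbitrary data.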