Hackers are intelligent about wrapping Executable files in shellcode, encrypting it and hiding it in Javascript within PDF files. Using a number of utilities, we are able to reverse engineer the techniques in malicious PDFs. In this infected PDF, the shellcode uses it to point the PC to an infection point, which is the IP address we have circled. Once the infected file is downloaded, the. shellcode will execute it, infecting the computer. Like Inception, you have to go deeper to find what is truly at the heart of this infected.
Source: https://threatpost.com/inside-malicious-pdf-attack-052311/75262/