The attack vector is represented by a malformed PDF file that contains both a specially crafted javascript and an embedded SWF file. Once opened, the javascript triggers the decryption of a shell-code that will be subsequently heap-sprayed. A secondary DLL is also dropped in the %windows%system32 folder (overwriting a system file) and injected into an instance of SVCHOSTEXE. Once it is set in place, the dll file acts as a backdoor and starts sending critical information about the infected system to a remote server.”]