How to Extract Flash Objects from Malicious PDF Files
Nice post from the SANS Computer Forensics Blog that explains how to extract Flash Objects from malicious PDF files.
Why use Flash objects in PDF files? Attackers seem to use ActionScript as an alternative to JavaScript to perform the heap spray.
This cheatsheet is used in conjunction with pdf-parser or PDF Stream Dumper to extract the objects contained in the PDF.
Once the Flash object has been extracted, SWFTools is used to disassemble it and proceed with the analysis.
At the end, the author of the post links to a real-life example.
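As an added illustration (not code from the SANS post, pdf-parser or PDF Stream Dumper), the sketch below shows the extraction step those tools automate: walk the PDF's objects, inflate each stream, and keep the ones that begin with an SWF signature. The sample PDF bytes are constructed, the function names are hypothetical, and the regex parsing is a simplification that ignores object streams, encryption and filters other than Flate.

```python
import re
import zlib

# SWF signatures: FWS = uncompressed, CWS = zlib-compressed, ZWS = LZMA-compressed
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.S)


def find_swf_streams(pdf_bytes):
    """Return [(object_number, signature, payload)] for streams holding an SWF."""
    hits = []
    for obj in OBJ_RE.finditer(pdf_bytes):
        stream = STREAM_RE.search(obj.group(3))
        if not stream:
            continue
        raw = stream.group(1)
        candidates = [raw]
        # Filter names can be hex-escaped (/#46lateDecode), so do not trust the
        # dictionary: always attempt to inflate and keep the result if it works.
        try:
            candidates.append(zlib.decompressobj().decompress(raw))
        except zlib.error:
            pass
        for data in candidates:
            if data[:3] in SWF_MAGICS:
                hits.append((int(obj.group(1)), data[:3].decode(), data))
                break
    return hits


def build_sample_pdf():
    """Constructed sample: PDF-like bytes with a deflated placeholder SWF in object 5."""
    fake_swf = b"FWS\x09" + (16).to_bytes(4, "little") + b"\x00" * 8
    packed = zlib.compress(fake_swf)
    pdf = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
           b"5 0 obj\n<< /Length " + str(len(packed)).encode()
           + b" /Filter /#46lateDecode >>\nstream\n" + packed
           + b"\nendstream\nendobj\n"
           b"6 0 obj\n<< /Length 5 >>\nstream\nhello\nendstream\nendobj\n%%EOF\n")
    return pdf, fake_swf


if __name__ == "__main__":
    sample, _ = build_sample_pdf()
    for number, signature, payload in find_swf_streams(sample):
        print(f"object {number}: {signature} payload, {len(payload)} bytes")
```

Each returned payload can be written to a file and passed to SWFTools for disassembly, as the post describes.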