This is the downloader : hxxp://www.xup.in/dl,79161341/010-RELATORIOFINAL_2601.doc.exe.7z/
Domain used to donwload the trojan :
hellolink.biz 110.4.45.31
URL : hxxp://hellolink.biz/pinjam.my/counter/WinProc.zip unzip the file the trojan exe is inside.
Trojan is packed with Themida and gets file from here : proexti.ufam.edu.br/xmlrpc/content/count/B/fix.php
Hosting Infos :
http://whois.domaintools.com/200.129.163.16