Behaviours 1 Attempts connections to suspicious countries 2 Automatically unpack its own code 3 Creates hook to unknown module 4 Injects code into other processes 5 Makes DNS lookup of recently registered domain 6 Runs existing executable Dns Lookup seevu.net 185.36.102.105 siloovoox.net 188.165.28.225 Sample here : hxxp://www.datafilehost.com/d/384b8efc Hosting Infos : http://whois.domaintools.com/185.36.102.105