Trojan downloaders are the cannon fodder of the malware world: expendable, commoditized foot soldiers with a single function. But some pieces of malware are downloading not explicitly malicious pieces of code, but small bits of code that are benign on their face, but are then transformed into malicious instructions once they re on the target machine. The malicious code was found by researchers at Microsoft when investigating a file that was calling out to the site of a restaurant. The researchers expected the file to be a run-of-the-mill downloader that would pull down a malicious executable.
Source: https://threatpost.com/poison-ivy-variant-changes-benign-code-malicious-after-download-012512/76141/