Malware was expected to be malicious in nature, but its network behavior was what was really interesting. Running Wireshark, I immediately noticed several DNS queries per second to what appeared to be “random” domain names. This is typical of a piece that uses an algorithm to generate domain names to call out to. If we want to block these domains in the future, we must reverse the process of generating these names and implement our own version. Part 1 – Unpacking the binary to properly view it in IDA Pro Pro”]
Source: https://blog.talosintelligence.com/2014/02/decoding-domain-generation-algorithms.html