Decoding Domain Generation Algorithms (DGAs) Part II – Catching ZeusBot Injection into Explorer.exe

This week, I am going to talk about catching its injected entry point inside explorer.exe. This makes it easier to dynamically analyze the code from the very beginning of its execution routine up to the code utilizing the DGA algorithm. This sample injects itself into every process in the process list, except for itself. Depending on which process it is injected into, it will perform different functionality. Check in soon for part 3 of this blog series where I will decode and rewrite the algorithm for detection.

Source: https://blog.talosintelligence.com/2014/02/decoding-domain-generation-algorithms_20.html
