Malware, designed by humans, often resides on servers to steal information and to destroy computer systems.
This analysis aims to find out, in the case of one company (whose real name is not disclosed), how the malware infected the server, and to assess the malware’s relationship with external objects.
Like the shellcode, the dropper also used a decryption function to transform itself by XOR with the value 0xCC. It then parsed kernel32.dll to get the addresses of the APIs.
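A triage helper for the single-byte XOR encoding described above, as an added example that is not code from the original analysis: it searches a buffer for marker strings encoded under each candidate key, generalizing from the 0xCC key to all 255 non-zero keys. The marker list, the function names and the sample buffer are assumptions constructed for illustration.

```python
"""Find single-byte-XOR-encoded marker strings in a buffer (triage aid)."""

# Markers an analyst might expect once the data is decoded (assumed list).
# The module name comes from the write-up; the second string is the
# standard DOS stub message found in PE files.
MARKERS = (b"kernel32.dll", b"This program cannot be run in DOS mode")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a one-byte key."""
    return bytes(b ^ key for b in data)


def find_xor_markers(buf: bytes, markers=MARKERS, keys=range(1, 256)):
    """Return sorted (key, offset, marker) hits for every key in keys.

    Each marker is encoded with the candidate key and searched for in the
    raw buffer, so the buffer itself is never decoded 255 times.
    Key 0 is skipped by default because it would only match plaintext.
    """
    hits = []
    for key in keys:
        for marker in markers:
            needle = xor_bytes(marker, key)
            start = buf.find(needle)
            while start != -1:
                hits.append((key, start, marker))
                start = buf.find(needle, start + 1)
    return sorted(hits)


def likely_keys(buf: bytes, **kw):
    """Rank candidate keys by how many distinct markers each one reveals."""
    seen = {}
    for key, _off, marker in find_xor_markers(buf, **kw):
        seen.setdefault(key, set()).add(marker)
    return sorted(seen, key=lambda k: (-len(seen[k]), k))


# Constructed sample: filler followed by a region encoded with 0xCC, the
# key named in the write-up. It is not taken from any real sample.
_PLAIN = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n" + b"kernel32.dll\x00"
SAMPLE = b"\x00" * 16 + b"filler-bytes" + xor_bytes(_PLAIN, 0xCC)

if __name__ == "__main__":
    for key in likely_keys(SAMPLE):
        print(f"candidate key 0x{key:02X}")
    print(xor_bytes(SAMPLE[28:], 0xCC)[:48])
```
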
We have previously reported on a vulnerability relating to the Microsoft Word application, known as CVE-2012-0158. You can refer to it here. Based on the results on VirusTotal, we analyze a malware sample relating to the CVE-2012-0158 vulnerability.
Last month, I paid close attention to the following email: