The Brazilian-targeted threat BBTok has a complex infection chain that starts with an email containing an ISO image. The malware compiles C# code directly on the infected machine and uses the AppDomain Manager Injection technique.