Analysis PDF here: <a href="http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Labs-Analysis-Webmail-Sever-APT.pdf" rel="nofollow">http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-La...</a>
They don't give information on how the DLL got there in the first place, though.